Pound, HAproxy and HAproxy logging

I'm trying to figure out one thing about HAproxy logging. Basically, we have Pound running in front of HAproxy on the same host doing SSL termination and then passing the requests to HAproxy. What I'm trying to figure out is how to log CLIENT's IP to HAproxy logs. At the moment no matter what I do I'm getting the following logged into HAproxy logs:

Feb 27 19:37:00 localhost.localdomain haproxy[17365]: 127.0.0.1:44880 [27/Feb/2013:19:36:59.786] ssl_application ssl_application/app01 0/0/0/385/386 200 3470 - - ---- 0/0/0/0/0 0/0 "GET / HTTP/1.1"

I know that 127.0.0.1 is the IP of Pound proxying requests to HAproxy, but I'm wondering if there is any way how to get the actual client IP logged into HAproxy logs.

Pound config looks like this:

User        "www-data"
Group       "www-data"

LogLevel   3
LogFacility local2

TimeOut 60

# poundctl control socket
Control "/var/run/pound/poundctl.socket"

ListenHTTPS
    Address 0.0.0.0
    Port    443
    Cert    "/etc/pound/ssl/certificate.pem"

    # Allow PUT and DELETE also (by default only GET, POST and HEAD)?:
    xHTTP        1

    Service
        BackEnd
            Address 127.0.0.1
            Port    8080
        End
    End
End

HA proxy config looks like this:

global
        log 127.0.0.1   local0 info
        log 127.0.0.1   local1 notice
        maxconn 4096
        user haproxy
        group haproxy
        stats socket /var/run/haproxy.sock

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        retries 3
        redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000
        option httpclose
        option forwardfor

# Set up application listeners here.
listen application 0.0.0.0:80
  acl health_check path_beg /health_check
  block if health_check
  option httpchk HEAD /health_check HTTP/1.1\r\nHost:\ staging.example.com
  balance roundrobin
  server app01 10.178.64.113:8000 weight 1 maxconn 100 check

listen ssl_application 0.0.0.0:8080
  acl health_check path_beg /health_check
  block if health_check
  option httpchk HEAD /health_check HTTP/1.1\r\nHost:\ staging.example.com
  balance roundrobin
  server app01 10.178.64.113:4430 weight 1 maxconn 100 check

listen admin 0.0.0.0:22002
  mode http
  stats uri /

Any advice would be greatly appreciated! Client's IP must be hiding there somewhere because it's being logged into Nginx which is behind HAproxy. It's just a matter of figuring out how to get it logged into HAproxy logs.

Best Answer

CMIIW, i never using Pound, but if you're sure Pound able to pass http header x-forwarded-for, you just add "capture request header x-forwarded-for len 15" on the HAproxy listen section (http://code.google.com/p/haproxy-docs/wiki/capture_request_header) and make sure "option httplog" also included.

Best Answer

Related Solutions

Ssl – HaProxy – Http and SSL pass through config

Pound + HAProxy or Stunnel + HAProxy

Related Topic