Hi,
I have a problem with the HAProxy configuration.
I have a public IP.
There are two LAMP servers in my network.
I want to be able to access them from the outside through two different domains on ports 80 and 443.
I have configured HAProxy for this purpose.
It works. I have access to two servers through two different domains.
The problem is that in the Apache logs on LAMP01 and LAMP02 I can see the IP of the HAPROXY server instead of the client’s real IP.
What do I have to change to see the client’s real IP in the logs?
I added an entry to the Apache configuration file:
RemoteIPHeader X-Forwarded-For
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%a %l %u %t \"%r\" %>s %b" common
Then I executed the command:
a2enmod remoteip && systemctl restart apache2
Below is my configuration file for HAPROXY:
root@haproxy01:~# cat /etc/haproxy/haproxy.cfg
# Process-wide settings.
global
# Log to the local syslog socket: everything on facility local0, and
# messages of level notice and above on facility local1.
log /dev/log local0
log /dev/log local1 notice
# Confine the running process to this directory.
chroot /var/lib/haproxy
# Runtime API socket at admin level. Mode 660 limits it to the socket's owner
# and group, so membership of that group amounts to admin control of HAProxy.
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
# Run the process as user/group haproxy.
user haproxy
group haproxy
# Detach and run in the background.
daemon
# Settings inherited by every frontend and backend below unless overridden.
defaults
log global
# HTTP is the default mode; the https_* sections override it with "mode tcp".
mode http
option httplog
option dontlognull
# Adds an X-Forwarded-For header carrying the client address to requests sent
# to the servers. It only applies where HAProxy parses HTTP (mode http).
# NOTE(review): a client can send its own X-Forwarded-For value, so the web
# server should trust only the address added by this proxy, e.g. by declaring
# the proxy's address with mod_remoteip's RemoteIPInternalProxy. Confirm on
# the Apache side.
option forwardfor
timeout connect 10s
timeout client 60s
timeout server 60s
# Files served in place of the built-in responses for these status codes.
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# Plain-HTTP entry point on port 80.
frontend http_in
mode http
option httplog
bind *:80
option forwardfor
# ssl_fc is true only for connections that arrived over TLS on this frontend.
# The bind above has no "ssl" keyword, so the condition always holds and every
# request is answered with a 301 to https.
# NOTE(review): redirect rules are evaluated before use_backend, so the
# use_backend rules below (and the http_server* backends) are presumably never
# reached. All site traffic then flows through https_in, which runs in TCP
# mode and cannot add X-Forwarded-For. Verify against the HAProxy logs.
redirect scheme https code 301 if !{ ssl_fc }
# Case-insensitive Host header matches used to select a backend.
acl host_server1 hdr(host) -i mojadomena1.pl
acl host_server2 hdr(host) -i mojadomena2.pl
acl host_server3 hdr(host) -i test.mojadomena2.pl
use_backend http_server1 if host_server1
use_backend http_server2 if host_server2
use_backend http_server3 if host_server3
# HTTP backends, one per site. Each forwards to a single server on port 80.
# The server lines carry no "check" keyword, so no health checks are run.
# NOTE(review): "option httplog" is a frontend-side logging option and
# "option forwardfor" is already set in defaults, so both are likely redundant
# here. "haproxy -c -f /etc/haproxy/haproxy.cfg" reports the lines HAProxy
# ignores or warns about.
backend http_server1
mode http
option httplog
option forwardfor
server server1 server1:80
backend http_server2
mode http
option httplog
option forwardfor
server server2 server2:80
backend http_server3
mode http
option httplog
option forwardfor
server server3 server3:80
# TLS passthrough entry point on port 443. The bind has no "ssl" keyword, so
# HAProxy does not decrypt the traffic and relays the raw TCP stream.
frontend https_in
mode tcp
option tcplog
# NOTE(review): X-Forwarded-For is an HTTP header. This section runs in TCP
# mode on encrypted traffic, so HAProxy cannot insert it and this option is
# expected to have no effect here. Check the startup warnings.
option forwardfor
bind *:443
# Wait up to 5s for a TLS ClientHello (hello type 1) and accept the connection
# once it is seen, so that the SNI value is available for routing.
acl tls req.ssl_hello_type 1
tcp-request inspect-delay 5s
tcp-request content accept if tls
# Route on the SNI name from the ClientHello. No default_backend is defined,
# so connections with any other SNI (or none) are not handed to a backend.
acl host_server1 req.ssl_sni -i mojadomena1.pl
acl host_server2 req.ssl_sni -i mojadomena2.pl
acl host_server3 req.ssl_sni -i test.mojadomena2.pl
use_backend https_server1 if host_server1
use_backend https_server2 if host_server2
use_backend https_server3 if host_server3
# TCP backends for TLS passthrough, one per site, each forwarding to port 443
# of a single server. TLS is terminated by the web server, not by HAProxy.
# NOTE(review): "option forwardfor" cannot add a header in TCP mode, so the web
# server sees only the proxy's address on these connections. Passing the client
# address through a passthrough is normally done with the PROXY protocol
# ("send-proxy" on the server lines). That must be enabled on the receiving web
# server at the same time and accepted only from this proxy's address, since a
# PROXY header from any other source would let the sender forge its address.
# NOTE(review): "option ssl-hello-chk" selects a health-check type, but the
# server lines have no "check" keyword, so no health checks are run.
backend https_server1
mode tcp
option tcplog
option forwardfor
option ssl-hello-chk
server server1 server1:443
backend https_server2
mode tcp
option tcplog
option forwardfor
option ssl-hello-chk
server server2 server2:443
backend https_server3
mode tcp
option tcplog
option forwardfor
option ssl-hello-chk
server server3 server3:443
# Statistics page. It inherits "mode http" from defaults.
frontend stats
# Listens on every interface, and the bind has no "ssl" keyword, so the page
# and its basic-auth credentials travel unencrypted to anyone who can reach
# port 8404.
# NOTE(review): consider binding to a management or loopback address, or
# restricting access by source address.
bind *:8404
stats enable
stats uri /stats
stats refresh 10s
# Admin actions (e.g. changing server state) are allowed only when the
# predefined LOCALHOST ACL matches the client's source address.
stats admin if LOCALHOST
# HTTP basic auth with the user name and password stored in clear text in this
# file. This value is weak and has been published with the config, so it should
# be replaced with a strong secret that is not shared.
stats auth admin:admin123
Please help me