Hi,
I am running HAProxy (192.168.80.90) on pfSense (192.168.80.1). In the frontend I have checked the “Use "forwardfor" option” setting, but HAProxy forwards the 192.168.80.1 address instead of the client's IP.
See the frontend named FrontEndProxy in the configuration below.
Thanks,
# Automaticaly generated, dont edit manually.
# Generated on: 2020-12-31 02:42
# Process-wide settings for this HAProxy instance.
global
maxconn 1000
log /var/run/log local0 info
# Runtime API socket at "level admin": a local process that can open this path
# can change server state and disable listeners. No "mode"/"user"/"group" is
# given on this line, so access depends on how the socket file ends up being
# created under /tmp -- NOTE(review): check its owner and permissions on the host.
stats socket /tmp/haproxy.socket level admin expose-fd listeners
# Run as uid/gid 80 rather than as root.
uid 80
gid 80
nbproc 1
nbthread 1
hard-stop-after 15m
# Confine the running process to this directory.
chroot /tmp/haproxy_chroot
daemon
tune.ssl.default-dh-param 2048
server-state-file /tmp/haproxy_server_state
# Built-in statistics page, bound to loopback only.
listen HAProxyLocalStats
bind 127.0.0.1:2200 name localstats
mode http
stats enable
# "stats admin if TRUE" turns on the admin actions of the stats page for every
# request, and this section sets no "stats auth". The loopback bind is therefore
# the only access control: anything able to reach 127.0.0.1:2200 on this host
# (a local proxy, a port forward) gets admin control over the servers.
stats admin if TRUE
stats show-legends
stats uri /haproxy/haproxy_stats.php?haproxystats=1
# Timeouts are in milliseconds (no unit suffix given).
timeout client 5000
timeout connect 5000
timeout server 5000
# TLS-terminating frontend on 192.168.80.90:443. Routes by Host header to the
# Speed, Auth and Jellyfin backends.
frontend FrontEndProxy
bind 192.168.80.90:443 name 192.168.80.90:443 ssl crt-list /var/etc/haproxy/FrontEndProxy.crt_list
mode http
log global
option socket-stats
option http-keep-alive
# Adds an X-Forwarded-For header holding the source address of the connection
# as HAProxy received it. HAProxy cannot see past a NAT: if the connection was
# source-NATed before reaching this bind, the firewall's address is what gets
# forwarded. NOTE(review): that would explain the 192.168.80.1 reported in the
# post -- compare with the client address in the HAProxy log to confirm.
# The header is appended, not replaced: an X-Forwarded-For sent by the client
# is passed on as well. Backends should trust only the last entry, or the
# incoming header should be dropped first ("http-request del-header
# X-Forwarded-For") when HAProxy is the first trusted hop.
option forwardfor
# ssl_fc is true when the client connection used TLS. This bind is "ssl", so
# only the "https" rule can fire here. set-header overwrites any
# X-Forwarded-Proto value supplied by the client.
acl https ssl_fc
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
timeout client 30000
# Host matching. These ACLs read txn.txnhost, which the set-var rule further
# down fills from the Host header; ACLs are evaluated when a rule uses them,
# so the use_backend rules see the value set by that http-request rule.
acl speed var(txn.txnhost) -m str -i speed.manjot.net
acl auth var(txn.txnhost) -m str -i auth.manjot.net
acl jellyfin var(txn.txnhost) -m str -i jellyfin.manjot.net
# Same ACL name declared three times: it matches if any of the patterns does.
# Each pattern is anchored and allows an optional ":port" of 1 to 5 digits.
acl aclcrt_FrontEndProxy var(txn.txnhost) -m reg -i ^speed\.manjot\.net(:([0-9]){1,5})?$
acl aclcrt_FrontEndProxy var(txn.txnhost) -m reg -i ^auth\.manjot\.net(:([0-9]){1,5})?$
acl aclcrt_FrontEndProxy var(txn.txnhost) -m reg -i ^jellyfin\.manjot\.net(:([0-9]){1,5})?$
http-request set-var(txn.txnhost) hdr(host)
# Both ACLs on a line must match (implicit AND). There is no default_backend in
# this section, so a request with any other Host is not routed to a backend.
use_backend Speed_ipvANY if speed aclcrt_FrontEndProxy
use_backend Auth_ipvANY if auth aclcrt_FrontEndProxy
use_backend Jellyfin_ipvANY if jellyfin aclcrt_FrontEndProxy
# Plain-HTTP listener on 192.168.80.90:80 whose only job is to redirect every
# request to https.
frontend HTTP-TO-HTTPS
bind 192.168.80.90:80 name 192.168.80.90:80
mode http
log global
option http-keep-alive
# No backend is selected in this section (every request is answered by the
# redirect below), so the forwarded-for and X-Forwarded-Proto headers set here
# are not delivered to any server.
option forwardfor
# This bind has no "ssl", so ssl_fc is false here and only the "http" rule fires.
acl https ssl_fc
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
timeout client 30000
# The redirect target is built from the request's own Host header and URI; the
# Host is not checked against the known site names in this section.
http-request redirect scheme https
# TLS-terminating frontend on 192.168.80.39:443 for gm.manjot.net.
# Unlike FrontEndProxy, this section has no "option forwardfor" and sets no
# X-Forwarded-Proto: HAProxy adds neither header, and any X-Forwarded-* header
# sent by the client reaches the GM backend unchanged.
# NOTE(review): if the GM application reads those headers for logging or access
# decisions, it is reading client-controlled input -- confirm against the app.
frontend GMFrontEndProxy
bind 192.168.80.39:443 name 192.168.80.39:443 ssl crt-list /var/etc/haproxy/GMFrontEndProxy.crt_list
mode http
log global
option http-keep-alive
timeout client 30000
# Host matching: exact name plus an anchored pattern allowing an optional
# ":port" of 1 to 5 digits. Both read txn.txnhost, filled from the Host header
# by the set-var rule below.
acl gm var(txn.txnhost) -m str -i gm.manjot.net
acl aclcrt_GMFrontEndProxy var(txn.txnhost) -m reg -i ^gm\.manjot\.net(:([0-9]){1,5})?$
http-request set-var(txn.txnhost) hdr(host)
# Both ACLs must match; there is no default_backend for other Host values.
use_backend GM_ipvANY if gm aclcrt_GMFrontEndProxy
# Plain-HTTP listener on 192.168.80.39:80 that redirects every request to https.
frontend GM-HTTP-TO-HTTPS
bind 192.168.80.39:80 name 192.168.80.39:80
mode http
log global
option http-keep-alive
timeout client 30000
# The redirect target is built from the request's own Host header and URI; the
# Host is not checked against gm.manjot.net in this section.
http-request redirect scheme https
# Backend for speed.manjot.net: one server, reached over TLS.
backend Speed_ipvANY
mode http
id 100
log global
timeout connect 30000
timeout server 30000
retries 3
# Health check sends "OPTIONS /" every 1000 ms ("check inter 1000"), over TLS
# ("check-ssl").
option httpchk OPTIONS /
# "ssl ... verify none": the connection to the server is encrypted, but the
# server's certificate is not validated, so HAProxy cannot tell the real server
# from another host answering on 192.168.80.74:443. To authenticate the server,
# use "verify required ca-file <PATH-TO-CA-BUNDLE>" (placeholder path).
# "crt" presents a client certificate to the server.
server speed 192.168.80.74:443 id 101 ssl check-ssl check inter 1000 verify none crt /var/etc/haproxy/server_clientcert_5f5d1c960d78a.pem
# Backend for auth.manjot.net: one server, reached over TLS.
backend Auth_ipvANY
mode http
id 104
log global
timeout connect 30000
timeout server 30000
retries 3
# Health check sends "OPTIONS /" every 1000 ms ("check inter 1000"), over TLS
# ("check-ssl").
option httpchk OPTIONS /
# "ssl ... verify none": traffic is encrypted but the server certificate is not
# validated, so the identity of the host at 192.168.80.73:443 is not checked.
# To authenticate the server, use "verify required ca-file <PATH-TO-CA-BUNDLE>"
# (placeholder path).
# "crt" presents a client certificate to the server.
server Auth 192.168.80.73:443 id 105 ssl check-ssl check inter 1000 verify none crt /var/etc/haproxy/server_clientcert_5f5f10b443a8f.pem
# Backend for jellyfin.manjot.net: one server, reached over TLS on port 8920.
# There is no "option httpchk" in this section, so the health check does not
# send an HTTP request.
backend Jellyfin_ipvANY
mode http
id 106
log global
timeout connect 30000
timeout server 30000
retries 3
# "ssl ... verify none": traffic is encrypted but the server certificate is not
# validated, so the identity of the host at 192.168.80.18:8920 is not checked.
# To authenticate the server, use "verify required ca-file <PATH-TO-CA-BUNDLE>"
# (placeholder path).
# "crt" presents a client certificate to the server.
server jellyfin 192.168.80.18:8920 id 107 ssl check-ssl check inter 1000 verify none crt /var/etc/haproxy/server_clientcert_5f8a7e8154947.pem
# Backend for gm.manjot.net: one server on port 9001.
backend GM_ipvANY
mode http
id 102
log global
timeout connect 30000
timeout server 30000
retries 3
# Health check requests "OPTIONS /si/home.do" every 1000 ms.
option httpchk OPTIONS /si/home.do
# No "ssl" keyword on this server line: clients reach the frontend over TLS,
# but the hop from HAProxy to 192.168.80.38:9001 is plain HTTP, so requests
# (including cookies and credentials) cross that network segment unencrypted.
server GM 192.168.80.38:9001 id 103 check inter 1000