Haproxy - httpd real ip


#1

Hello,

I just installed HAProxy as a reverse proxy for Apache under CentOS 7.

I configured it to do ssl from end to end (client <- ssl -> haproxy <- ssl -> srv_web).

Everything works; the only problem is that in the Apache logs it is impossible to get the IP address of the client.

My configuration:

frontend http-in
    bind *:80
    mode http
    option httplog
    redirect scheme https code 301 if !{ ssl_fc }
    acl acl1 hdr(host) domain.fr
    use_backend back1 if acl1

frontend https-in
    bind *:443 ssl crt cert.pem no-sslv3
    mode http
    option httplog
    acl acl1 hdr(host) domain.fr
    use_backend back1 if acl1

backend back1
    mode http
    option httpchk
    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    option forwardfor header X-Client
    server web-server1 10.10.0.1:8443 ssl verify none

In Apache: httpd.conf

    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

Would anyone have an idea?

Thank you in advance


#2

Looks like you configured haproxy to send the client IP in the header X-Client, but Apache expects X-Forwarded-For.

Remove “header X-Client” from the “option forwardfor” directive.
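
An added example, not part of the thread or of either project's code: a small Python check for the mismatch described in #2, comparing the header each HAProxy section sends with the request headers the Apache LogFormat records. It assumes a later `option forwardfor` in the same section replaces the header name set by an earlier one; the function names are hypothetical, and the sample input is the backend and LogFormat from post #1, trimmed.

```python
import re

DEFAULT_HEADER = "X-Forwarded-For"
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}

def forwardfor_headers(haproxy_cfg):
    """Map each section to the header its effective `option forwardfor` sends."""
    headers, section = {}, None
    for raw in haproxy_cfg.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            section = " ".join(words[:2])
        elif words[:2] == ["option", "forwardfor"] and section:
            # Assumption: a repeated directive replaces the earlier header name.
            name = DEFAULT_HEADER
            if "header" in words[2:-1]:
                name = words[words.index("header", 2) + 1]
            headers[section] = name
    return headers

def logged_request_headers(log_format):
    """Request headers referenced as %{Name}i in an Apache LogFormat string."""
    return {h.lower() for h in re.findall(r"%\{([^}]+)\}i", log_format)}

def find_mismatches(haproxy_cfg, log_format):
    """Sections whose client-IP header never appears in the Apache log format."""
    logged = logged_request_headers(log_format)
    return {sec: name for sec, name in forwardfor_headers(haproxy_cfg).items()
            if name.lower() not in logged}

# Sample input: backend and LogFormat from post #1 (trimmed).
BEFORE = """
backend back1
    mode http
    option forwardfor except 127.0.0.1
    option forwardfor header X-Client
"""
# Same backend after removing "header X-Client", as suggested in #2.
AFTER = BEFORE.replace(" header X-Client", "")
LOG_FORMAT = r'"%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""'

if __name__ == "__main__":
    print("before:", find_mismatches(BEFORE, LOG_FORMAT))
    print("after: ", find_mismatches(AFTER, LOG_FORMAT))
```

The check does not follow inheritance from a `defaults` section; each section is reported on its own.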


#3

Thank you for your answer.
I deleted the line, but nothing changes. It does not always work.

Other ideas?


#4

Which haproxy release is it?

In 1.4 you need
option http-server-close

http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#option%20http-server-close