HAProxy community

HAProxy to Nginx

Hello,

I currently use haproxy 1.5.18 that has a backend of two servers running Nginx listening on port 80 & 443 and i’m trying to drop haproxy but every time i try it i get “broken header while reading proxy protocol” and i think the issue might be with “send-proxy” option.
Any recommendations will be helpful.

You will need to remove the proxy_protocol directive from your nginx configuration then, if you no longer use it.

This is one of the virtual host files:
i tried commenting out the proxy_protocol but same result.

server {
listen 0.0.0.0:443 ssl;

listen *:443 ssl http2 proxy_protocol;

 #   listen *:443 ssl http2;
    error_log /var/log/nginx/ar.islamway.net.error.log;
    server_name test.com;
    error_page   500 502 503 504  /50x.html;
  #  ssl                     on;
    ssl_certificate         /etc/letsencrypt/live/islamway.net/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/islamway.net/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;

    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/pki/tls/dhparams.pem;
    real_ip_header proxy_protocol;

 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; ";

location = /test/push.html {
http2_push /test/push.css;
root /data/web/webroot3/web;
}

if ($request_uri ~ 'select|union|ascii|database|undefined' ) {return 403;}

set_real_ip_from 127.0.0.1;

set_real_ip_from 72.52.116.87;

set_real_ip_from 72.52.116.101;

set_real_ip_from 38.76.31.223;

#    real_ip_header proxy_protocol;

location ~* ^/(sf|phplist|ramadan|gaza|hajj|team|teams|quranflash|Basateen|api|api2|kids)/ {
proxy_pass http://127.0.0.1:81;
http2_push_preload on;
proxy_connect_timeout 2000;
proxy_read_timeout 3000;
proxy_send_timeout 3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding “”;
proxy_set_header X-Forwarded-Proto $scheme;

    }

location ~* ^/fonts/ {
add_header Cache-Control public;
add_header Access-Control-Allow-Origin *;
}

    location ~* \.(gif|jpg|jpeg|png|bmp|ico|ttf|woff|otf|eot|txt|pdf|css|js|wmv|avi|mpg|mpeg|mp4|amr|mp3|ogg|wav|wma|m3u|mid|ram|rm|rmvb|rar|psd|swf|doc|xls|exe|zip|gz|bz2|tar.gz|tar.bz2)$ {
            root   /data/web/webroot3/web; # here
    http2_push_preload on;

add_header Access-Control-Allow-Origin *;
expires max;
}
location / {
proxy_pass http://127.0.0.1:81;
proxy_connect_timeout 2000;
proxy_read_timeout 3000;
proxy_send_timeout 3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Accept-Encoding “”;
proxy_set_header X-Forwarded-Proto $scheme;

add_header Front-End-Https on;

    }

S

location ~ .css$ {
add_header Content-Type text/css;
proxy_pass https://127.0.0.1:444;
}

location ~ .js$ {
add_header Content-Type application/x-javascript;
proxy_pass https://127.0.0.1:444;
}

E

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ /.ht {
deny all;
}

location /nginx_status {
stub_status on;
error_log on;
allow 127.0.0.1;
allow 192.168.100.98;
deny all;
}

No, you commented out real_ip_header proxy_protocol;. However what’s relevant is:

listen *:443 ssl http2 proxy_protocol;

You need to remove the proxy_protocol from all of the listen directives.

Will try that and see.

Commenting out the proxy_protocol worked out.