With HAProxy (to my knowledge) there are 3 ways to pass the original client information to the backend server. In order from simplest (i.e. recommended) to most complex:
- exposing the `X-Forwarded-For` (and accompanying) headers;
- using the `PROXY` protocol;
- using HAProxy in “transparent proxy” mode, which involves some lower-level networking configuration;
That said, I would strongly suggest using the `X-Forwarded-For` header configured by HAProxy with either:

```
acl https-active ssl_fc
http-request set-header X-Forwarded-Proto 'https' if https-active
http-request set-header X-Forwarded-Proto 'http' if !https-active
http-request set-header X-Forwarded-Port '443' if https-active
http-request set-header X-Forwarded-Port '80' if !https-active
http-request set-header X-Forwarded-For "%ci"
```
The second (less suggested) option is to use the `PROXY` protocol by using the `send-proxy-v2` server option (http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#send-proxy-v2).

However, in both cases you’ll have to configure your backend server to trust the `X-Forwarded-*` headers, or to “speak” the `PROXY` protocol. And for this reason I say the headers option is the easiest one, as it works out-of-the-box with almost any HTTP server.
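What "trusting the `X-Forwarded-*` headers" should mean on the backend, as an added example that is not part of the original post: the headers are honoured only when the TCP peer is the HAProxy instance, and ignored on any direct connection. The proxy network `10.0.0.0/24` and the function names are assumptions for illustration; the right-to-left walk goes beyond the single-value header the config above produces and also covers proxies that append to the list.

```python
import ipaddress

# Assumption: HAProxy connects to the backend from this range (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def _is_trusted(addr):
    """True if addr belongs to one of the trusted proxy networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_client(peer_addr, headers, local_scheme="http"):
    """Return (client_ip, scheme) for one request.

    peer_addr is the address of the TCP peer the backend actually sees;
    headers is a dict keyed by lower-cased header names.
    """
    # Connection did not come through the proxy: the headers are
    # client-controlled, so none of them are used.
    if not _is_trusted(peer_addr):
        return peer_addr, local_scheme

    # Walk X-Forwarded-For from the right (closest hop first) and stop at the
    # first address that is not one of our own proxies.
    client = peer_addr
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address that validated
        client = hop
        if not _is_trusted(hop):
            break

    # Accept only the two values the proxy is configured to send.
    scheme = headers.get("x-forwarded-proto", local_scheme)
    if scheme not in ("http", "https"):
        scheme = local_scheme
    return client, scheme
```
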