HAProxy community

HAProxy with PostgreSQL for Transparent IP


#1

I have HAProxy configuration like :

listen master
bind *:5000
option httpchk OPTIONS /master
http-check expect status 200
default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
server pg0 pg0:5432 maxconn 100 check port 8008
server pg1 pg1:5432 maxconn 100 check port 8008
server pg2 pg2:5432 maxconn 100 check port 8008

How to have Transparent IP configuration such that client IP is passed to Server rather than IP of the HAProxy server?


#2

With HAProxy (to my knowledge) there are 3 ways to pass the original client information to the backend server. In order from simplest (i.e. recommended) to most complex:

  • exposing a X-Forwarded-For (and accompanying) headers;
  • using the PROXY protocol;
  • using HAProxy in “transparent proxy” mode, which involves some lower-level networking configuration;

That said I would strongly suggest using the X-Forwarded-For header configured by HAProxy with either:

    acl https-active ssl_fc

    http-request set-header X-Forwarded-Proto 'https' if https-active
    http-request set-header X-Forwarded-Proto 'http' if !https-active

    http-request set-header X-Forwarded-Port '443' if https-active
    http-request set-header X-Forwarded-Port '80' if !https-active

    http-request set-header X-Forwarded-For "%ci"

The second (less suggested option) is to use the PROXY protocol by using the send-proxy-v2 server option (http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#send-proxy-v2).

However in both cases you’ll have to configure your backend server to trust the X-Forwarded-* headers, or to “speak” the PROXY protocol. And for this reason I say the headers is the easiest one as it works out-of-the-box with almost any HTTP server.