HAProxy with PostgreSQL for Transparent IP

I have an HAProxy configuration like:

    listen master
        bind *:5000
        option httpchk OPTIONS /master
        http-check expect status 200
        default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
        server pg0 pg0:5432 maxconn 100 check port 8008
        server pg1 pg1:5432 maxconn 100 check port 8008
        server pg2 pg2:5432 maxconn 100 check port 8008

How can I set up a transparent IP configuration such that the client IP is passed to the server rather than the IP of the HAProxy server?

With HAProxy (to my knowledge) there are 3 ways to pass the original client information to the backend server. In order from simplest (i.e. recommended) to most complex:

  • exposing X-Forwarded-For (and accompanying) headers;
  • using the PROXY protocol;
  • using HAProxy in “transparent proxy” mode, which involves some lower-level networking configuration.

That said I would strongly suggest using the X-Forwarded-For header configured by HAProxy with either:

    acl https-active ssl_fc

    http-request set-header X-Forwarded-Proto 'https' if https-active
    http-request set-header X-Forwarded-Proto 'http' if !https-active

    http-request set-header X-Forwarded-Port '443' if https-active
    http-request set-header X-Forwarded-Port '80' if !https-active

    http-request set-header X-Forwarded-For "%ci"

The second (less suggested) option is to use the PROXY protocol by using the send-proxy-v2 server option (HAProxy version 1.8.30 - Configuration Manual).

However, in both cases you’ll have to configure your backend server to trust the X-Forwarded-* headers, or to “speak” the PROXY protocol. And for this reason I say the headers are the easiest option, as they work out-of-the-box with almost any HTTP server.

Hi, I tried the second method, e.g. using the PROXY protocol (send-proxy-v2 and send-proxy), without success. Postgres gives me an error during authorization.

LOG:  invalid length of startup packet

Could you please give an example of how to use X-Forwarded-For in HAProxy tcp mode?
Or are there any other options? The point is I need the source IPs to be visible on the backend server. Currently I see only HAProxy as the source IP for all DB-connected hosts.

Thanks in advance.
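
Why the PROXY protocol attempt above ends in `invalid length of startup packet`, as an added example that is not part of the original thread: HAProxy sends the PROXY header before the PostgreSQL startup packet, so a listener that does not speak the PROXY protocol reads the header's first four bytes as the packet length. The addresses, ports and user/database names are constructed sample values, and `startup_length` is a simplified model of the server-side length check, not PostgreSQL's own code.

```python
import socket
import struct

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte PROXY v2 signature
MAX_STARTUP_PACKET_LENGTH = 10000    # upper bound PostgreSQL puts on the startup packet body

def proxy_v1(src, dst, sport, dport):
    """Header prepended by `send-proxy` (text form, TCP over IPv4)."""
    return f"PROXY TCP4 {src} {dst} {sport} {dport}\r\n".encode("ascii")

def proxy_v2(src, dst, sport, dport):
    """Header prepended by `send-proxy-v2` (binary form, TCP over IPv4)."""
    addrs = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!HH", sport, dport)
    # 0x21 = version 2 + PROXY command, 0x11 = AF_INET + STREAM
    return V2_SIG + struct.pack("!BBH", 0x21, 0x11, len(addrs)) + addrs

def pg_startup(user, database):
    """Minimal PostgreSQL protocol 3.0 startup packet."""
    body = struct.pack("!I", 3 << 16)
    for key, value in (("user", user), ("database", database)):
        body += key.encode() + b"\x00" + value.encode() + b"\x00"
    body += b"\x00"
    return struct.pack("!I", len(body) + 4) + body

def startup_length(stream):
    """Treat the first 4 bytes as the Int32 packet length; return (length, accepted)."""
    (length,) = struct.unpack("!i", stream[:4])
    return length, 4 <= length - 4 <= MAX_STARTUP_PACKET_LENGTH

def strip_proxy_v2(stream):
    """What a PROXY-aware listener does first: ((client_ip, client_port), remaining bytes)."""
    if not stream.startswith(V2_SIG):
        raise ValueError("no PROXY v2 signature")
    ver_cmd, fam, alen = struct.unpack("!BBH", stream[12:16])
    if ver_cmd != 0x21 or fam != 0x11:
        raise ValueError("only PROXY command over TCP4 is handled here")
    src = socket.inet_ntoa(stream[16:20])
    (sport,) = struct.unpack("!H", stream[24:26])
    return (src, sport), stream[16 + alen:]

if __name__ == "__main__":
    pg = pg_startup("app", "appdb")               # constructed sample values
    args = ("203.0.113.7", "10.0.0.5", 51234, 5000)
    for label, prefix in (("direct", b""), ("send-proxy", proxy_v1(*args)),
                          ("send-proxy-v2", proxy_v2(*args))):
        print(label, startup_length(prefix + pg))
    print(strip_proxy_v2(proxy_v2(*args) + pg)[0])
```
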