HAProxy community

HAProxy with PostgreSQL for Transparent IP


I have HAProxy configuration like :

listen master
bind *:5000
option httpchk OPTIONS /master
http-check expect status 200
default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions
server pg0 pg0:5432 maxconn 100 check port 8008
server pg1 pg1:5432 maxconn 100 check port 8008
server pg2 pg2:5432 maxconn 100 check port 8008

How to have Transparent IP configuration such that client IP is passed to Server rather than IP of the HAProxy server?


With HAProxy (to my knowledge) there are 3 ways to pass the original client information to the backend server. In order from simplest (i.e. recommended) to most complex:

  • exposing a X-Forwarded-For (and accompanying) headers;
  • using the PROXY protocol;
  • using HAProxy in “transparent proxy” mode, which involves some lower-level networking configuration;

That said I would strongly suggest using the X-Forwarded-For header configured by HAProxy with either:

    acl https-active ssl_fc

    http-request set-header X-Forwarded-Proto 'https' if https-active
    http-request set-header X-Forwarded-Proto 'http' if !https-active

    http-request set-header X-Forwarded-Port '443' if https-active
    http-request set-header X-Forwarded-Port '80' if !https-active

    http-request set-header X-Forwarded-For "%ci"

The second (less suggested option) is to use the PROXY protocol by using the send-proxy-v2 server option (http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#send-proxy-v2).

However in both cases you’ll have to configure your backend server to trust the X-Forwarded-* headers, or to “speak” the PROXY protocol. And for this reason I say the headers is the easiest one as it works out-of-the-box with almost any HTTP server.