Proxy protocol causes SSL handshake failure

Hello,

I have two servers with HAProxy, let’s call them “Passthrough” and “App”.

Passthrough dispatches the requests to our different preproduction servers.
App is a preproduction server.

I need the client IP address in App (for authentication purposes), but with my current configuration it is Passthrough's IP that is forwarded, so I get a 500 Internal Server Error (which is normal).

When I try to use the PROXY protocol and add send-proxy and expect-proxy, I get SSL handshake failures. I have no additional information on this error, and I can't find the Alert packet describing the SSL error.

Could someone help me by at least telling me where to look? I’m confused by not having found anything in my capture.

Thanks for any help you could provide!

Passthrough (simplified) faulty configuration, HAProxy 2.6:

defaults base
  log global
  mode tcp
  timeout connect 5000
  timeout client 120000
  timeout server 110000

frontend lb from base
  bind 192.168.80.70:443
  # req.ssl_hello_type and req_ssl_sni need the buffered ClientHello, so the
  # content rules must be allowed to wait for it
  tcp-request inspect-delay 5s
  tcp-request content accept if { req.ssl_hello_type 1 }
  use_backend app if { req_ssl_sni -i app.example.com }
  default_backend deny

backend app from base
  # send-proxy: PROXY protocol v1 header, then the unmodified TLS bytes
  server app 192.168.20.41:443 send-proxy

backend deny from base
  # a TCP frontend may switch to an HTTP backend; raw TLS bytes that land
  # here are not HTTP, so the client never gets a TLS handshake
  mode http
  http-request deny

App (simplified) faulty configuration, HAProxy 2.0:

defaults
  log global
  mode http
  option httplog
  option dontlognull
  option forwardfor
  timeout connect 5000
  timeout client 50000
  timeout server 50000

frontend https
  bind *:443 ssl crt [...]
  # only connections coming from Passthrough must carry a PROXY header;
  # any other source is handled as plain TLS
  tcp-request connection expect-proxy layer4 if { src 192.168.80.70 }
  use_backend interop

backend interop
  option httpchk GET /isup
  http-check expect status 200
  server local localhost:5042 check inter 10000 fastinter 2000
  http-response set-header Content-Security-Policy [...]

Packet capture:
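Added example (editor's code, not part of the post above and not the poster's packet capture): a small Python script that classifies the first bytes of a TCP connection as a PROXY v1 header, a PROXY v2 header or a TLS ClientHello, parses the v1 header that `send-proxy` emits to recover the original client address, and reports the two mismatches that surface as SSL handshake failures: App expecting a PROXY header and receiving a ClientHello, or App handing a `PROXY TCP4 ...` line to its TLS stack because `expect-proxy` did not match the connection. The sample payloads are constructed; the client address 203.0.113.7 and the port numbers are illustrative. On a real capture, feed it the first bytes of the Passthrough-to-App TCP stream (for example from Wireshark's Follow TCP Stream).

```python
import ipaddress

# Constant signature that starts a PROXY protocol v2 header.
PROXY_V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"
# A v1 header line, CRLF included, is at most 107 bytes.
PROXY_V1_MAX_LEN = 107


def classify_first_bytes(data: bytes) -> str:
    """Name what the first bytes on the wire look like to the receiving side."""
    if data.startswith(b"PROXY "):
        return "proxy-v1"
    if data.startswith(PROXY_V2_SIG):
        return "proxy-v2"
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # 2-byte length, then the handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    return "other"


def parse_proxy_v1(data: bytes):
    """Parse a PROXY v1 header. Returns (fields, bytes_after_header).

    Anything that is not a well-formed header raises ValueError, which is the
    situation in which HAProxy's expect-proxy drops the connection.
    """
    end = data.find(b"\r\n")
    if end == -1 or end + 2 > PROXY_V1_MAX_LEN:
        raise ValueError("no complete PROXY v1 header line")
    parts = data[:end].decode("ascii").split(" ")
    if parts[0] != "PROXY":
        raise ValueError("not a PROXY v1 header")
    rest = data[end + 2:]
    if parts[1] == "UNKNOWN":
        # Sender could not determine the client; the rest of the line is ignored.
        return {"family": "UNKNOWN"}, rest
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header: %r" % data[:end])
    family, src, dst, sport, dport = parts[1:]
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    want = 4 if family == "TCP4" else 6
    if src_ip.version != want or dst_ip.version != want:
        raise ValueError("addresses do not match family %s" % family)
    src_port, dst_port = int(sport), int(dport)
    if not (0 <= src_port <= 65535 and 0 <= dst_port <= 65535):
        raise ValueError("port out of range")
    fields = {"family": family, "src": str(src_ip), "src_port": src_port,
              "dst": str(dst_ip), "dst_port": dst_port}
    return fields, rest


def diagnose(first_bytes: bytes, app_expects_proxy: bool) -> str:
    """What the App frontend does with these bytes, given whether its
    expect-proxy rule matched this connection (src was Passthrough)."""
    kind = classify_first_bytes(first_bytes)
    if app_expects_proxy:
        if kind in ("proxy-v1", "proxy-v2"):
            return "ok: PROXY header consumed, TLS handshake starts after it"
        return ("mismatch: expect-proxy matched but the first bytes are %s, "
                "not a PROXY header (server line without send-proxy?); "
                "the connection is dropped before TLS starts" % kind)
    if kind in ("proxy-v1", "proxy-v2"):
        return ("mismatch: a PROXY header arrived but expect-proxy did not match "
                "this connection; the ssl bind reads it as a TLS record and the "
                "handshake fails")
    if kind == "tls-client-hello":
        return "ok: plain TLS ClientHello handed to the ssl bind"
    return "other: first bytes are neither PROXY nor TLS"


# Constructed samples. Only the record/handshake header of a ClientHello
# (type 0x16, version 3.1, length 200, handshake type 0x01), not a full hello.
CLIENT_HELLO_PREFIX = b"\x16\x03\x01\x00\xc8\x01"
# What Passthrough's send-proxy puts in front of it (client 203.0.113.7 is illustrative).
SAMPLE_V1 = b"PROXY TCP4 203.0.113.7 192.168.20.41 51234 443\r\n" + CLIENT_HELLO_PREFIX
# The same with send-proxy-v2: signature, version/command 0x21, family/proto 0x11
# (TCP over IPv4), address block length 12, then src/dst address and ports.
SAMPLE_V2 = (PROXY_V2_SIG + b"\x21\x11\x00\x0c"
             + bytes([203, 0, 113, 7]) + bytes([192, 168, 20, 41])
             + (51234).to_bytes(2, "big") + (443).to_bytes(2, "big")
             + CLIENT_HELLO_PREFIX)

if __name__ == "__main__":
    for label, payload in (("v1", SAMPLE_V1), ("v2", SAMPLE_V2), ("tls", CLIENT_HELLO_PREFIX)):
        print(label, "->", classify_first_bytes(payload))
    fields, rest = parse_proxy_v1(SAMPLE_V1)
    print("client recovered from v1 header:", fields["src"], fields["src_port"])
    print("after the header:", classify_first_bytes(rest))
    print(diagnose(SAMPLE_V1, app_expects_proxy=False))
    print(diagnose(CLIENT_HELLO_PREFIX, app_expects_proxy=True))
```

If the first bytes of the stream towards 192.168.20.41:443 are `PROXY TCP4 ...` and the handshake still fails, the question becomes why `expect-proxy` did not match (the `src` seen by App, or the `layer4` keyword); if they are a bare `0x16 0x03` ClientHello, `send-proxy` is not in effect on the server line that was actually selected.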