Proxy Protocol won't work with TCP Load balancing

MBA · July 5, 2022, 6:19pm

Hello Team

We have a inhouse developed application which works on Port 5000 TCP

Our application has an interface which shows IP Address of a client when someone logs in, our requirement is to preserve the Client IP Address

We have configured HA Proxy as a load balancer/reverse proxy but we encountered following issues:

It never passes client IP Address to our application only load balancer IP Address is shown
Whenever we try accept-proxy variable we don’t see any request at application
We have tried numerous solutions shared over the internet but nothing works
Do we need to any proxy protocol implementation in our application?

Can anyone please assist or put us in direction?

Baptiste · July 5, 2022, 7:38pm

Hi!

You have to set the send-proxy parameter of the server line in your HAProxy backend: HAProxy version 2.4.15 - Configuration Manual

and yes, your application must support parsing the proxy protocol, cause it is inserted at the beginning of the first TCP payload.

MBA · July 6, 2022, 5:17am

Hi Baptiste

Thanks for the guidance, here is the configuration file:

#---------------------------------------------------------------------

Global settings

#---------------------------------------------------------------------
global
log 127.0.0.1:514 local0
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user root
group root
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------

Defaults block

#---------------------------------------------------------------------
defaults
log global

timeout if backends do not reply

timeout connect 	    5000ms

timeout on client side

timeout client          50000ms

timeout on server side

timeout server 	    50000ms

#---------------------------------------------------------------------

Front End block for Stats

#---------------------------------------------------------------------
frontend stats
bind 0.0.0.0:85
mode http
option httplog
option logasap
option forwardfor header X-Client
stats enable
stats auth admin:admin
stats uri /stats
stats refresh 5s
#---------------------------------------------------------------------

Front End block

#---------------------------------------------------------------------
frontend front
bind 172.16.35.83:5001 transparent
mode tcp
log global
option tcplog
option logasap
option forwardfor header X-Client
default_backend back
#---------------------------------------------------------------------

Backend End block

#---------------------------------------------------------------------
backend back
mode tcp
balance roundrobin
option tcp-check
server tcp01 server_IP:5000 send-proxy

####Config End

MBA · July 12, 2022, 12:16pm

@Baptiste Can you please refer to documentation for implementation in application?

lukastribus · July 12, 2022, 2:21pm

It’s in doc/proxy-protocol.txt

http://git.haproxy.org/?p=haproxy.git;a=blob;f=doc/proxy-protocol.txt

Topic		Replies	Views
HaProxy send-proxy-v2 is not sending client_ip Help!	1	185	March 19, 2024
Send sourceIP to backend Help!	4	448	April 14, 2021
HAProxy to retain client IP Help!	3	11570	July 2, 2019
Source IP in backend Help!	1	726	March 15, 2020
Chained HAProxy in tcp mode with proxy protocol enabled not working Help!	17	6518	May 25, 2019