Hi,
I would like to transfer the real IP from HAProxy to Apache2 in TCP mode. I have read topics for the method to use in HTTP mode, but I have not seen anything in TCP mode. On this forum some time ago, I was explained how to do it with Nginx, but with Apache2 it seems more difficult to implement.
HAProxy version 2.8.3-1~bpo12+1 2023/09/08 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2028.
Known bugs: http://www.haproxy.org/bugs/bugs-2.8.3.html
Running on: Linux 6.1.0-13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.55-1 (2023-09-29) x86_64
Server version: Apache/2.4.57 (Debian)
Server built: 2023-04-13T03:26:51
Config HAProxy:
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
daemon
user haproxy
group haproxy
log /dev/log local6 notice
log /dev/log local5 info
maxconn 100000
chroot /var/lib/haproxy
pidfile /run/haproxy.pid
stats socket /var/run/haproxy/admin.sock mode 777 level admin
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode tcp
option tcplog
log global
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
#---------------------------------------------------------------------
# dedicated stats page
#---------------------------------------------------------------------
listen stats
mode http
bind :22222
stats enable
stats hide-version
stats uri /stats
stats realm HAProxy-Statistics
stats auth XYZ:XXXXXXX
stats refresh 30s
# stats admin if TRUE
#---------------------------------------------------------------------
# Frontend to redirect HTTP to HTTPS with code 301
#---------------------------------------------------------------------
frontend http-redirect
mode http
bind :80 v4v6
http-request redirect scheme https code 301
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main_https_listen
bind :443 v4v6
mode tcp
option tcplog
log global
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
#---------------------------------------------------------------------
# Common HAProxy nodes configuration
#---------------------------------------------------------------------
# -------------------------------
# ACLs
# -------------------------------
acl acl_nextcloud req.ssl_sni -i xyyzz.dataxxxyyyzzz.xyz www.xyyzz.dataxxxyyyzzz.xyz
# -------------------------------
# Conditions
# -------------------------------
use_backend backend_nextcloud if acl_nextcloud
#---------------------------------------------------------------------
# Backends
#---------------------------------------------------------------------
# APP 1 NEXTCLOUD
backend backend_nextcloud
description NEXTCLOUD
mode tcp
option ssl-hello-chk
server server_nextcloud 192.168.1.6:443
I understood that on Apache2 it was necessary to use the âa2enmod remoteipâ module and modify the virtual host by adding âRemoteIPProxyProtocol Onâ
<VirtualHost *:443>
...
RemoteIPProxyProtocol On
...
</VirtualHost>
but I donât know the configuration of HAProxy in TCP mode.
Thanks for your help.