Score:0

How to pass remote server ip as header in haproxy tcp tunnel with accept-proxy enabled?


I need a variable for haproxy that is the actual remote ip while still using accept-proxy, like http-response set-header Upstream-Server %[req.real_ip]. %[src] does not work and sends the client ip from the proxy protocol if accept-proxy is active.

I have a setup like this:

  1. haproxy load balancers
  2. haproxy ddos protection servers
  3. nginx proxying to PHP web applications

1 accepts public Internet HTTP/S connections and mode tcp forwards them.
2 accept-proxy these connections, terminates ssl crt, and then applies anti-bot logic.
3 is the final destination and web application.

This is a pretty complicated setup so occasionally there are hiccups in the configuration which are hard to diagnose because of the number of moving parts. I need nginx to know the IPs of 1 and 2 so it can send that to the actual web application for debugging.

Score:1

Very obtuse but this works.

tcp-request must appear before any http-request to not cause warnings. tcp-request connection is the only scope in which src is not changed by the accept-proxy directive in bind. Thus,

frontend http-in
        bind :443 ssl crt /etc/ssl/mycert accept-proxy
        option forwardfor

        tcp-request connection set-var(sess.last_server_ip) src
        http-request add-header X-Forwarding-Frontend %[var(sess.last_server_ip)]

This will add the header X-Forwarding-Frontend with the value of the server that haproxy received the proxy protocol request from. It must be set as a variable this way, because src has a different value in every other context when not as an argument for tcp-request connection.
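The two addresses involved in the answer above, as an added example that is not part of the original answer and is not HAProxy code: it models the TCP peer (what src holds in tcp-request connection) next to the source declared in the PROXY protocol v1 line (what src holds afterwards). The function names, the trusted-peer set and the sample addresses are constructed for illustration.

```python
import ipaddress

MAX_V1_LEN = 107  # PROXY protocol v1: maximum line length including CRLF


def parse_proxy_v1(line: bytes):
    """Return (src_ip, dst_ip) from a PROXY v1 line, or None for UNKNOWN."""
    if len(line) > MAX_V1_LEN or not line.startswith(b"PROXY ") or not line.endswith(b"\r\n"):
        raise ValueError("not a PROXY v1 header")
    fields = line[:-2].decode("ascii").split(" ")
    if fields[1] == "UNKNOWN":
        return None  # receiver falls back to the real connection endpoints
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match protocol field")
    if not all(p.isdigit() and int(p) <= 65535 for p in fields[4:6]):
        raise ValueError("bad port")
    return str(src), str(dst)


def headers_for_backend(peer_ip: str, first_line: bytes, trusted_peers: set):
    """Model of the tier-2 frontend: which address ends up in which header."""
    if peer_ip not in trusted_peers:
        # A PROXY header is only as trustworthy as the host that sent it.
        raise PermissionError(f"PROXY header from untrusted peer {peer_ip}")
    # Connection stage: only the TCP peer is known (tier 1, the load balancer).
    last_server_ip = peer_ip
    # After the PROXY header is consumed, "src" means the declared client.
    parsed = parse_proxy_v1(first_line)
    client_ip = parsed[0] if parsed else peer_ip
    return {"X-Forwarded-For": client_ip, "X-Forwarding-Frontend": last_server_ip}


# Constructed sample: 10.0.0.11 is a tier-1 balancer, 203.0.113.7 the visitor.
SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.0.21 51234 443\r\n"

if __name__ == "__main__":
    print(headers_for_backend("10.0.0.11", SAMPLE, {"10.0.0.11", "10.0.0.12"}))
```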
