Both seem to work perfectly as-long as I don't want to know who is accessing my site which make it next to useless. However, I can get HAProxy to report the IP Address of the visitor as long as you visit the HTTP page on port 80 as per my configuration file. I can also get STunnel to work with HAProxy but as soon as I enable 'protocol = proxy' the HTTPS side breaks and all I get in my browser is '400 Bad Request Your browser sent an invalid request'. I've played with everything I can thing of and I still cant get a Transparent STunnel>HAProxy solution working correctly.[cut]
haproxy.cfg
======================================
global
daemon
log /dev/log local4
maxconn 40000
ulimit-n 81000
defaults
log global
mode http
contimeout 4000
clitimeout 42000
srvtimeout 43000
listen http1
bind 192.168.82.10:80
mode http
option http-server-close
option forwardfor
source 0.0.0.0 usesrc clientip
balance roundrobin
server http1_1 10.0.0.10:80 cookie http1_1 check inter 2000 rise 2 fall 3
server http1_1 10.0.0.20:80 cookie http1_1 check inter 2000 rise 2 fall 3
3. Implementations
Haproxy 1.5 implements the PROXY protocol on both sides :
- the listening sockets accept the protocol when the "accept-proxy" setting
is passed to the "bind" keyword. Connections accepted on such listeners
will behave just as if the source really was the one advertised in the
protocol. This is true for logging, ACLs, content filtering, transparent
proxying, etc...
- the protocol may be used to connect to servers if the "send-proxy" setting
is present on the "server" line. It is enabled on a per-server basis, so it
is possible to have it enabled for remote servers only and still have local
ones behave differently. If the incoming connection was accepted with the
"accept-proxy", then the relayed information is the one advertised in this
connection's PROXY line.