Folks,
I have done a setup where I am using Stunnel to forward incoming HTTPS requests to HAProxy. But I am unable to get the IP address at the HAProxy level (determined by looking at the logs).
Here is the configuration file for Stunnel:

    cert = /etc/stunnel/ssl.crt
    key = /etc/apache2/ssl.key/socialappshq.com.key
    sslVersion = all
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /stunnel.pid
    ; Some performance tunings
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1
    CAfile = /etc/apache2/ssl.key/ca.pem
    output = /var/log/stunnel4/stunnel.log

    [proxy]
    accept = 443
    connect = 81
    TIMEOUTclose = 0

Here is the config file for HAProxy:

    global
        log 127.0.0.1 local0
        log 127.0.0.1 local1 notice
        maxconn 4096
        user haproxy
        group haproxy

    defaults
        log global
        option httplog
        option dontlognull
        mode http
        stats enable
        retries 3
        option redispatch
        maxconn 2000
        timeout client 40s        # Client and server timeout must match the longest
        timeout server 40s        # time we may wait for a response from the server.
        timeout queue 40s         # Don't queue requests too long if saturated.
        timeout connect 20s       # There's no reason to change this one.
        timeout http-request 30s  # A complete request may never take that long.

    frontend webfarm_ssl *:81 accept-proxy
        option httpclose
        option forwardfor
        acl is_social hdr_dom(host) -i socialappshq.com
        use_backend socialappshq_ssl if is_social

    backend socialappshq_ssl
        balance roundrobin
        cookie JSESSIONID prefix
        option httpchk GET /check.txt HTTP/1.0
        server web2 ec2-XX.us-west-1.compute.amazonaws.com:8080 cookie B check inter 2000 rise 2 fall 3

What else should I do so that the IP address passes from Stunnel to HAProxy?
Your help will be extremely appreciated.
Thx
Rajat Garg
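
The `accept-proxy` keyword on the `webfarm_ssl` frontend above makes HAProxy expect a PROXY protocol header as the first line of every connection to port 81 and take the client address from it. The Python sketch below is an added example (not part of the original post, and not HAProxy's own code) that parses the version 1 text form of that header; the sample addresses and requests are constructed.

```python
import ipaddress

MAX_V1_LEN = 107  # longest v1 header the PROXY protocol allows, CRLF included

def parse_proxy_v1(data: bytes):
    """Split a PROXY v1 header off the front of a connection's first bytes.

    Returns ((src_ip, src_port, dst_ip, dst_port), remaining_bytes).
    The tuple is None for "PROXY UNKNOWN". Raises ValueError otherwise.
    """
    if not data.startswith(b"PROXY "):
        raise ValueError("no PROXY header at start of connection")
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1:
        raise ValueError("PROXY header not terminated within 107 bytes")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]
    if fields[1] == "UNKNOWN":
        return None, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY header")
    family = 4 if fields[1] == "TCP4" else 6
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    if src.version != family or dst.version != family:
        raise ValueError("address does not match declared family")
    if not all(f.isdigit() for f in fields[4:]):
        raise ValueError("non-numeric port")
    sport, dport = int(fields[4]), int(fields[5])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return (str(src), sport, str(dst), dport), rest

# Constructed samples: first bytes a listener on port 81 could receive.
WITH_HEADER = (b"PROXY TCP4 203.0.113.7 10.0.0.5 51234 443\r\n"
               b"GET / HTTP/1.1\r\nHost: socialappshq.com\r\n\r\n")
WITHOUT_HEADER = b"GET / HTTP/1.1\r\nHost: socialappshq.com\r\n\r\n"

if __name__ == "__main__":
    for sample in (WITH_HEADER, WITHOUT_HEADER):
        try:
            addrs, rest = parse_proxy_v1(sample)
            print("client", addrs[0], "-> request", rest.split(b"\r\n")[0])
        except ValueError as exc:
            print("rejected:", exc)
```

The receiver takes the source address from this header at face value, so a port bound with `accept-proxy` should only be reachable from the host that terminates SSL.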