Folks,
I have done a setup where I am using Stunnel to forward incoming HTTPS requests to HaProxy. But I am unable to get the IP address at the HaProxy level (determined by looking at the logs).
Here is the configuration file for Stunnel -

cert = /etc/stunnel/ssl.crt
key = /etc/apache2/ssl.key/socialappshq.com.key
sslVersion = all
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
CAfile = /etc/apache2/ssl.key/ca.pem
output = /var/log/stunnel4/stunnel.log

[proxy]
accept = 443
connect = 81
TIMEOUTclose = 0

Here is the config file for HaProxy -

global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 4096
    user haproxy
    group haproxy

defaults
    log global
    option httplog
    option dontlognull
    mode http
    stats enable
    retries 3
    option redispatch
    maxconn 2000
    timeout client 40s # Client and server timeout must match the longest
    timeout server 40s # time we may wait for a response from the server.
    timeout queue 40s # Don't queue requests too long if saturated.
    timeout connect 20s # There's no reason to change this one.
    timeout http-request 30s # A complete request may never take that long.

frontend webfarm_ssl *:81 accept-proxy
    option httpclose
    option forwardfor
    acl is_social hdr_dom(host) -i socialappshq.com
    use_backend socialappshq_ssl if is_social

backend socialappshq_ssl
    balance roundrobin
    cookie JSESSIONID prefix
    option httpchk GET /check.txt HTTP/1.0
    server web2 ec2-XX.us-west-1.compute.amazonaws.com:8080 cookie B check inter 2000 rise 2 fall 3

What else should I do so that the IP address passes from Stunnel to Haproxy?
Your help will be extremely appreciated.
Thx
Rajat Garg

Hi,

On 29-01-2012 08:51, Rajat Garg wrote:
> Folks,
> I have done a setup where I am using Stunnel to forward incoming HTTPS requests to HaProxy. But I am unable to get the IP address at the HaProxy level (determined by looking at the logs).
> Here is the configuration file for Stunnel -

[snip]

> [proxy]
> accept = 443
> connect = 81
> TIMEOUTclose = 0

protocol = proxy

http://www.stunnel.org/static/stunnel.html

Br
Aleks

On Sunday, 29 of January 2012, Aleksandar Lazic wrote:
> protocol = proxy

You also need to specify the accept-proxy bind option of haproxy. This requires haproxy 1.5-dev3 or later: http://www.serverphorums.com/read.php?10,229392

Mike

On 29-01-2012 21:01, Michal Trojnara wrote:
> On Sunday, 29 of January 2012, Aleksandar Lazic wrote:
>> protocol = proxy
>
> You also need to specify the accept-proxy bind option of haproxy. This requires haproxy 1.5-dev3 or later: http://www.serverphorums.com/read.php?10,229392

In the first mail was the haproxy.conf and there was a

... frontend webfarm_ssl *:81 accept-proxy ...

That's why I have only sent the answer for stunnel, I hope it was helpful.

BR Aleks