Difference between revisions of "Haproxy"
(→logging) |
(→logging) |
||
Line 73: | Line 73: | ||
Since haproxy is issuing new http requests the backend systems sees haproxy as the client. To circumvent this put these two options in haproxy (eg. under defaults): | Since haproxy is issuing new http requests the backend systems sees haproxy as the client. To circumvent this put these two options in haproxy (eg. under defaults): | ||
<pre> | <pre> | ||
− | option forwardfor #enable sending the X- | + | option forwardfor #enable sending the X-Forwarded-For http header to the servers |
option httpclose | option httpclose | ||
</pre> | </pre> | ||
+ | |||
+ | You also need to make the backend servers understand the X-Forwarded-For header: | ||
+ | |||
+ | ===apache=== | ||
+ | |||
+ | ===glassfish=== | ||
+ | Configuration -> http service -> access logging -> Format : replace %client.name% with %header.x-forwarded-for% |
Revision as of 10:01, 12 November 2010
Haproxy as content switch
global log 127.0.0.1 local0 log 127.0.0.1 local1 notice #log loghost local0 info maxconn 4096 #chroot /usr/share/haproxy user haproxy group haproxy # uid 80 # gid 80 daemon #debug #quiet defaults log global mode http option httplog option forwardfor option dontlognull retries 3 option redispatch contimeout 5000 clitimeout 50000 srvtimeout 50000 frontend test-1 0.0.0.0:88 acl glassfish hdr_beg(host) app.t-hoerup.dk acl transmission hdr_beg(host) t.t-hoerup.dk acl donkey hdr_beg(host) donkey.t-hoerup.dk acl glassfish-dev hdr_beg(host) app2.t-hoerup.dk use_backend be_donkey if donkey use_backend be_transmission if transmission use_backend be_glassfish_dev if glassfish-dev use_backend be_glassfish if glassfish default_backend be_apache # use_backend be_apache unless glassfish #if this was a listener instead of a frontend-section then we could use the dispatch statement instead # dispatch 192.168.10.5:9091 if transmission # dispatch 192.168.10.5:4080 if donkey # dispatch 192.168.10.10:8080 if glassfish-pumba # dispatch 192.168.10.5:80 backend be_donkey dispatch 192.168.10.5:4080 backend be_transmission dispatch 192.168.10.5:9091 backend be_glassfish_dev dispatch 192.168.10.10:8080 backend be_glassfish #if you want http-check you must use a loadbalancing setup like this option httpchk / balance roundrobin server 192.168.10.5:8080 check inter 2000 backend be_apache stats enable stats uri /haproxy dispatch 192.168.10.5:80
logging
Since haproxy is issuing new http requests the backend systems sees haproxy as the client. To circumvent this put these two options in haproxy (eg. under defaults):
option forwardfor #enable sending the X-Forwarded-For http header to the servers option httpclose
You also need to make the backend servers understand the X-Forwarded-For header:
apache
glassfish
Configuration -> http service -> access logging -> Format : replace %client.name% with %header.x-forwarded-for%