Difference between revisions of "Haproxy"
Jump to navigation
Jump to search
(→apache) |
(→apache) |
||
| Line 80: | Line 80: | ||
===apache=== | ===apache=== | ||
| − | apache 2.3+ can use mod_remoteip | + | You can either use a mod to make apache interpret the X-Forwarded-for header as the real remote ip. For apache 2.2 use mod_rpaf, apache 2.3+ can use mod_remoteip. Otherwise you can rewrite the LogFormat's and replace "%h" (host) with "%{X-Forwarded-For}i" |
===glassfish=== | ===glassfish=== | ||
Configuration -> http service -> access logging -> Format : replace %client.name% with %header.x-forwarded-for% | Configuration -> http service -> access logging -> Format : replace %client.name% with %header.x-forwarded-for% | ||
Revision as of 18:22, 28 March 2011
Haproxy as content switch
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
#chroot /usr/share/haproxy
user haproxy
group haproxy
# uid 80
# gid 80
daemon
#debug
#quiet
defaults
log global
mode http
option httplog
option forwardfor
option dontlognull
retries 3
option redispatch
contimeout 5000
clitimeout 50000
srvtimeout 50000
frontend test-1 0.0.0.0:88
acl glassfish hdr_beg(host) app.t-hoerup.dk
acl transmission hdr_beg(host) t.t-hoerup.dk
acl donkey hdr_beg(host) donkey.t-hoerup.dk
acl glassfish-dev hdr_beg(host) app2.t-hoerup.dk
use_backend be_donkey if donkey
use_backend be_transmission if transmission
use_backend be_glassfish_dev if glassfish-dev
use_backend be_glassfish if glassfish
default_backend be_apache
# use_backend be_apache unless glassfish
#if this was a listener instead of a frontend-section then we could use the dispatch statement instead
# dispatch 192.168.10.5:9091 if transmission
# dispatch 192.168.10.5:4080 if donkey
# dispatch 192.168.10.10:8080 if glassfish-pumba
# dispatch 192.168.10.5:80
backend be_donkey
dispatch 192.168.10.5:4080
backend be_transmission
dispatch 192.168.10.5:9091
backend be_glassfish_dev
dispatch 192.168.10.10:8080
backend be_glassfish #if you want http-check you must use a loadbalancing setup like this
option httpchk /
balance roundrobin
server 192.168.10.5:8080 check inter 2000
backend be_apache
stats enable
stats uri /haproxy
dispatch 192.168.10.5:80
logging
Since haproxy is issuing new http requests the backend systems sees haproxy as the client. To circumvent this put these two options in haproxy (eg. under defaults):
option forwardfor #enable sending the X-Forwarded-For http header to the servers
option httpclose
You also need to make the backend servers understand the X-Forwarded-For header:
apache
You can either use a mod to make apache interpret the X-Forwarded-for header as the real remote ip. For apache 2.2 use mod_rpaf, apache 2.3+ can use mod_remoteip. Otherwise you can rewrite the LogFormat's and replace "%h" (host) with "%{X-Forwarded-For}i"
glassfish
Configuration -> http service -> access logging -> Format : replace %client.name% with %header.x-forwarded-for%