Difference between revisions of "Haproxy"
(→apache) |
(→apache) |
||
Line 80: | Line 80: | ||
===apache=== | ===apache=== | ||
− | apache 2.3+ can use mod_remoteip | + | You can either use a mod to make apache interpret the X-Forwarded-for header as the real remote ip. For apache 2.2 use mod_rpaf, apache 2.3+ can use mod_remoteip. Otherwise you can rewrite the LogFormat's and replace "%h" (host) with "%{X-Forwarded-For}i" |
===glassfish=== | ===glassfish=== | ||
Configuration -> http service -> access logging -> Format : replace %client.name% with %header.x-forwarded-for% | Configuration -> http service -> access logging -> Format : replace %client.name% with %header.x-forwarded-for% |
Revision as of 18:22, 28 March 2011
Haproxy as content switch
global log 127.0.0.1 local0 log 127.0.0.1 local1 notice #log loghost local0 info maxconn 4096 #chroot /usr/share/haproxy user haproxy group haproxy # uid 80 # gid 80 daemon #debug #quiet defaults log global mode http option httplog option forwardfor option dontlognull retries 3 option redispatch contimeout 5000 clitimeout 50000 srvtimeout 50000 frontend test-1 0.0.0.0:88 acl glassfish hdr_beg(host) app.t-hoerup.dk acl transmission hdr_beg(host) t.t-hoerup.dk acl donkey hdr_beg(host) donkey.t-hoerup.dk acl glassfish-dev hdr_beg(host) app2.t-hoerup.dk use_backend be_donkey if donkey use_backend be_transmission if transmission use_backend be_glassfish_dev if glassfish-dev use_backend be_glassfish if glassfish default_backend be_apache # use_backend be_apache unless glassfish #if this was a listener instead of a frontend-section then we could use the dispatch statement instead # dispatch 192.168.10.5:9091 if transmission # dispatch 192.168.10.5:4080 if donkey # dispatch 192.168.10.10:8080 if glassfish-pumba # dispatch 192.168.10.5:80 backend be_donkey dispatch 192.168.10.5:4080 backend be_transmission dispatch 192.168.10.5:9091 backend be_glassfish_dev dispatch 192.168.10.10:8080 backend be_glassfish #if you want http-check you must use a loadbalancing setup like this option httpchk / balance roundrobin server 192.168.10.5:8080 check inter 2000 backend be_apache stats enable stats uri /haproxy dispatch 192.168.10.5:80
logging
Since haproxy is issuing new http requests the backend systems sees haproxy as the client. To circumvent this put these two options in haproxy (eg. under defaults):
option forwardfor #enable sending the X-Forwarded-For http header to the servers option httpclose
You also need to make the backend servers understand the X-Forwarded-For header:
apache
You can either use a mod to make apache interpret the X-Forwarded-for header as the real remote ip. For apache 2.2 use mod_rpaf, apache 2.3+ can use mod_remoteip. Otherwise you can rewrite the LogFormat's and replace "%h" (host) with "%{X-Forwarded-For}i"
glassfish
Configuration -> http service -> access logging -> Format : replace %client.name% with %header.x-forwarded-for%