How to enable proxy protocol with haproxy?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Linux (all versions)
  • HAProxy

Issue

  • How to enable proxy protocol with haproxy?

Resolution

Add the send-proxy or send-proxy-v2 parameter to the server line in the backend section, as shown below:

frontend server_frontend
    bind 0.0.0.0:17506
    mode tcp
    default_backend backend_server

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend backend_server
    server server1 192.0.2.0.78:7506 send-proxy-v2

Make sure the application supports the proxy protocol.

Root Cause

send-proxy: The send-proxy parameter enforces the use of the PROXY protocol over any connection established to this server. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection so that it can know the client's address or the public address it accessed, whatever the upper-layer protocol.

send-proxy-v2: The send-proxy-v2 parameter enforces the use of the PROXY protocol version 2 over any connection established to this server. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection so that it can know the client's address or the public address it accessed, whatever the upper-layer protocol. It also sends ALPN information if an ALPN protocol has been negotiated. This setting must not be used if the server isn't aware of this version of the protocol.

Diagnostic Steps

Verify the PROXY header in a tcpdump capture using tshark:

$ tshark -r 0050-send-proxy.pcap -Y  'frame.number==13849' -V | grep PROXY -A15
PROXY Protocol
    Magic: 0d0a0d0a000d0a515549540a
    0010 .... = Version: 2
    .... 0001 = Command: 1
    [Version: 2]
    Address Family Protocol: TCP over IPv4 (0x11)
        0001 .... = Address Family: IPv4 (0x1)
        .... 0001 = Protocol: 0x1
    Length: 12
    Source Address: 192.0.2.0.78
    Destination Address: 198.51.100.141
    Source Port: 38926
    Destination Port: 17506
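
The fields tshark decodes above can also be checked on the receiving side. The following Python parser is an added example, not part of the original solution or of HAProxy; the function names are hypothetical, and the sample header is constructed (the source address 192.0.2.78 is an assumed value, the other fields follow the capture above).

```python
import ipaddress
import struct

# 12-byte signature that opens every PROXY protocol v2 header
# (the "Magic" field in the tshark output).
PP2_MAGIC = bytes.fromhex("0d0a0d0a000d0a515549540a")
# Size of the address block (src addr, dst addr, src port, dst port).
ADDR_LEN = {0x1: 12, 0x2: 36}  # IPv4, IPv6


def parse_proxy_v2(data: bytes) -> dict:
    """Decode a PROXY v2 header from the first bytes a backend receives."""
    if len(data) < 16 or data[:12] != PP2_MAGIC:
        raise ValueError("no PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    version, command = ver_cmd >> 4, ver_cmd & 0x0F
    if version != 2 or command not in (0, 1):
        raise ValueError("unsupported version or command")
    if len(data) < 16 + length:
        raise ValueError("truncated header")
    # header_len tells the caller where the application payload starts;
    # any TLVs (such as ALPN) sit between the addresses and that offset.
    info = {"version": version, "command": command,
            "header_len": 16 + length, "src": None, "dst": None}
    family, proto = fam_proto >> 4, fam_proto & 0x0F
    # Command 0 (LOCAL) carries no client addresses; UNSPEC/UNIX are skipped.
    if command == 1 and family in ADDR_LEN and proto in (1, 2):
        n = ADDR_LEN[family]
        if length < n:
            raise ValueError("address block shorter than family requires")
        block = data[16:16 + n]
        half = (n - 4) // 2
        src_port, dst_port = struct.unpack("!HH", block[2 * half:])
        info["src"] = (str(ipaddress.ip_address(block[:half])), src_port)
        info["dst"] = (str(ipaddress.ip_address(block[half:2 * half])), dst_port)
    return info


def build_sample() -> bytes:
    """Constructed sample: version 2, command 1, TCP over IPv4, length 12."""
    addrs = (ipaddress.ip_address("192.0.2.78").packed
             + ipaddress.ip_address("198.51.100.141").packed)
    return (PP2_MAGIC + struct.pack("!BBH", 0x21, 0x11, 12) + addrs
            + struct.pack("!HH", 38926, 17506))


if __name__ == "__main__":
    print(parse_proxy_v2(build_sample() + b"application data"))
```

A connection whose first bytes fail this parse did not arrive with a PROXY v2 header, which is the condition to check when confirming that the application supports the protocol.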
