How to enable proxy protocol with haproxy?
Environment
- Red Hat Enterprise Linux (all versions)
- HAProxy
Issue
- How to enable proxy protocol with haproxy?
Resolution
Add send-proxy
or send-proxy-v2
parameter in the backend server as given below:
frontend server_frontend
bind 0.0.0.0:17506
mode tcp
default_backend backend_server
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend backend_server
server server1 192.0.2.0.78:7506 send-proxy-v2
Make sure the application supports the proxy protocol.
Root Cause
send-proxy: The Send-proxy
parameter enforces the use of the PROXY protocol over any connection established to this server. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection so that it can know the client's address or the public address it accessed to, whatever the upper-layer protocol.
send-proxy-v2: The send-proxy-v2
parameter enforces the use of the PROXY protocol version 2 over any connection established to this server. The PROXY protocol informs the other end about the layer 3/4 addresses of the incoming connection so that it can know the client's address or the public address it accessed, whatever the upper-layer protocol. It also sends ALPN information if an alpn has been negotiated. This setting must not be used if the server isn't aware of this version of the protocol.
Diagnostic Steps
Verify proxy header using tcpdump:
$ tshark -r 0050-send-proxy.pcap -Y 'frame.number==13849' -V | grep PROXY -A15
PROXY Protocol
Magic: 0d0a0d0a000d0a515549540a
0010 .... = Version: 2
.... 0001 = Command: 1
[Version: 2]
Address Family Protocol: TCP over IPv4 (0x11)
0001 .... = Address Family: IPv4 (0x1)
.... 0001 = Protocol: 0x1
Length: 12
Source Address: 192.0.2.0.78
Destination Address: 198.51.100.141
Source Port: 38926
Destination Port: 17506
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments