You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Len Bellemore <Le...@alternativenetworks.com> on 2016/03/16 16:15:05 UTC

Persisting Source IP on Load Balancers

Hi Guys,

Does anyone know if it is possible to preserve the source IP that is coming in to servers behind the virtual router load balancer?

In my web servers logs, every connection is from the virtual router.

Thanks
Len

RE: Persisting Source IP on Load Balancers

Posted by Len Bellemore <Le...@alternativenetworks.com>.
OK, thanks everyone.

-----Original Message-----
From: S. Brüseke - proIO GmbH [mailto:s.brueseke@proio.com] 
Sent: 17 March 2016 08:32
To: Bellemore, Len - Data Analytics; users@cloudstack.apache.org
Subject: AW: Persisting Source IP on Load Balancers

Hi Len,

I am not aware of a solutions for ssl traffic for this. 
A workaround would be to delete loadbalancing for ssl on the VR and create a nginx instance running ssl lb.

Mit freundlichen Grüßen / With kind regards,

Swen


-----Ursprüngliche Nachricht-----
Von: Len Bellemore [mailto:Len.Bellemore@alternativenetworks.com]
Gesendet: Mittwoch, 16. März 2016 18:22
An: S. Brüseke - proIO GmbH; users@cloudstack.apache.org
Betreff: RE: Persisting Source IP on Load Balancers

Thanks Swen,

OK, then I suppose my next question would be, could I then terminate the SSL on the virtual router, and then follow your suggestion?

Thanks
Len

-----Original Message-----
From: S. Brüseke - proIO GmbH [mailto:s.brueseke@proio.com]
Sent: 16 March 2016 16:53
To: users@cloudstack.apache.org
Cc: Bellemore, Len - Data Analytics
Subject: AW: Persisting Source IP on Load Balancers

Hi Len,

you need to change the LogFormat on the target servers behind the LB.

If you are using apache2 do the this:

1. open your apache2 conf file
2. add "LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O" common_lb" to the LogFormat section 3. open your vhost file and swap "common" to "common_lb" in your CustomLog line.
4. Restart apache2

Now you can see the client IP in the log.

This will only work with http and not with https traffic because LB cannot open https traffic.

Mit freundlichen Grüßen / With kind regards,

Swen


-----Ursprüngliche Nachricht-----
Von: Len Bellemore [mailto:Len.Bellemore@alternativenetworks.com]
Gesendet: Mittwoch, 16. März 2016 16:15
An: users@cloudstack.apache.org
Betreff: Persisting Source IP on Load Balancers

Hi Guys,

Does anyone know if it is possible to preserve the source IP that is coming in to servers behind the virtual router load balancer?

In my web servers logs, every connection is from the virtual router.

Thanks
Len


- proIO GmbH -
Geschäftsführer: Swen Brüseke
Sitz der Gesellschaft: Frankfurt am Main

USt-IdNr. DE 267 075 918
Registergericht: Frankfurt am Main - HRB 86239

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. 
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. 
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet. 

This e-mail may contain confidential and/or privileged information. 
If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail.  
Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. 




- proIO GmbH -
Geschäftsführer: Swen Brüseke
Sitz der Gesellschaft: Frankfurt am Main

USt-IdNr. DE 267 075 918
Registergericht: Frankfurt am Main - HRB 86239

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. 
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. 
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet. 

This e-mail may contain confidential and/or privileged information. 
If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail.  
Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

AW: Persisting Source IP on Load Balancers

Posted by "S. Brüseke - proIO GmbH" <s....@proio.com>.
Hi Len,

I am not aware of a solutions for ssl traffic for this. 
A workaround would be to delete loadbalancing for ssl on the VR and create a nginx instance running ssl lb.

Mit freundlichen Grüßen / With kind regards,

Swen


-----Ursprüngliche Nachricht-----
Von: Len Bellemore [mailto:Len.Bellemore@alternativenetworks.com] 
Gesendet: Mittwoch, 16. März 2016 18:22
An: S. Brüseke - proIO GmbH; users@cloudstack.apache.org
Betreff: RE: Persisting Source IP on Load Balancers

Thanks Swen,

OK, then I suppose my next question would be, could I then terminate the SSL on the virtual router, and then follow your suggestion?

Thanks
Len

-----Original Message-----
From: S. Brüseke - proIO GmbH [mailto:s.brueseke@proio.com] 
Sent: 16 March 2016 16:53
To: users@cloudstack.apache.org
Cc: Bellemore, Len - Data Analytics
Subject: AW: Persisting Source IP on Load Balancers

Hi Len,

you need to change the LogFormat on the target servers behind the LB.

If you are using apache2 do the this:

1. open your apache2 conf file
2. add "LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O" common_lb" to the LogFormat section 3. open your vhost file and swap "common" to "common_lb" in your CustomLog line.
4. Restart apache2

Now you can see the client IP in the log.

This will only work with http and not with https traffic because LB cannot open https traffic.

Mit freundlichen Grüßen / With kind regards,

Swen


-----Ursprüngliche Nachricht-----
Von: Len Bellemore [mailto:Len.Bellemore@alternativenetworks.com]
Gesendet: Mittwoch, 16. März 2016 16:15
An: users@cloudstack.apache.org
Betreff: Persisting Source IP on Load Balancers

Hi Guys,

Does anyone know if it is possible to preserve the source IP that is coming in to servers behind the virtual router load balancer?

In my web servers logs, every connection is from the virtual router.

Thanks
Len


- proIO GmbH -
Geschäftsführer: Swen Brüseke
Sitz der Gesellschaft: Frankfurt am Main

USt-IdNr. DE 267 075 918
Registergericht: Frankfurt am Main - HRB 86239

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. 
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. 
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet. 

This e-mail may contain confidential and/or privileged information. 
If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail.  
Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. 




- proIO GmbH -
Geschäftsführer: Swen Brüseke
Sitz der Gesellschaft: Frankfurt am Main

USt-IdNr. DE 267 075 918
Registergericht: Frankfurt am Main - HRB 86239

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. 
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, 
informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. 
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet. 

This e-mail may contain confidential and/or privileged information. 
If you are not the intended recipient (or have received this e-mail in error) please notify 
the sender immediately and destroy this e-mail.  
Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

RE: Persisting Source IP on Load Balancers

Posted by Len Bellemore <Le...@alternativenetworks.com>.
Thanks Swen,

OK, then I suppose my next question would be, could I then terminate the SSL on the virtual router, and then follow your suggestion?

Thanks
Len

-----Original Message-----
From: S. Brüseke - proIO GmbH [mailto:s.brueseke@proio.com] 
Sent: 16 March 2016 16:53
To: users@cloudstack.apache.org
Cc: Bellemore, Len - Data Analytics
Subject: AW: Persisting Source IP on Load Balancers

Hi Len,

you need to change the LogFormat on the target servers behind the LB.

If you are using apache2 do the this:

1. open your apache2 conf file
2. add "LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O" common_lb" to the LogFormat section 3. open your vhost file and swap "common" to "common_lb" in your CustomLog line.
4. Restart apache2

Now you can see the client IP in the log.

This will only work with http and not with https traffic because LB cannot open https traffic.

Mit freundlichen Grüßen / With kind regards,

Swen


-----Ursprüngliche Nachricht-----
Von: Len Bellemore [mailto:Len.Bellemore@alternativenetworks.com]
Gesendet: Mittwoch, 16. März 2016 16:15
An: users@cloudstack.apache.org
Betreff: Persisting Source IP on Load Balancers

Hi Guys,

Does anyone know if it is possible to preserve the source IP that is coming in to servers behind the virtual router load balancer?

In my web servers logs, every connection is from the virtual router.

Thanks
Len


- proIO GmbH -
Geschäftsführer: Swen Brüseke
Sitz der Gesellschaft: Frankfurt am Main

USt-IdNr. DE 267 075 918
Registergericht: Frankfurt am Main - HRB 86239

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. 
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. 
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet. 

This e-mail may contain confidential and/or privileged information. 
If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail.  
Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

AW: Persisting Source IP on Load Balancers

Posted by "S. Brüseke - proIO GmbH" <s....@proio.com>.
Hi Len,

you need to change the LogFormat on the target servers behind the LB.

If you are using apache2 do the this:

1. open your apache2 conf file
2. add "LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %O" common_lb" to the LogFormat section
3. open your vhost file and swap "common" to "common_lb" in your CustomLog line.
4. Restart apache2

Now you can see the client IP in the log.

This will only work with http and not with https traffic because LB cannot open https traffic.

Mit freundlichen Grüßen / With kind regards,

Swen


-----Ursprüngliche Nachricht-----
Von: Len Bellemore [mailto:Len.Bellemore@alternativenetworks.com] 
Gesendet: Mittwoch, 16. März 2016 16:15
An: users@cloudstack.apache.org
Betreff: Persisting Source IP on Load Balancers

Hi Guys,

Does anyone know if it is possible to preserve the source IP that is coming in to servers behind the virtual router load balancer?

In my web servers logs, every connection is from the virtual router.

Thanks
Len


- proIO GmbH -
Geschäftsführer: Swen Brüseke
Sitz der Gesellschaft: Frankfurt am Main

USt-IdNr. DE 267 075 918
Registergericht: Frankfurt am Main - HRB 86239

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. 
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, 
informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. 
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet. 

This e-mail may contain confidential and/or privileged information. 
If you are not the intended recipient (or have received this e-mail in error) please notify 
the sender immediately and destroy this e-mail.  
Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.