Posted to users@httpd.apache.org by Rob Cluett <ro...@robcluett.com> on 2012/11/30 07:45:00 UTC
[users@httpd] FW: Stunnel + HAProxy + Apache + mod_remoteip
All, I have everything working perfectly. However, I cannot get any SSL
traffic which goes through the proxy to reveal its true IP rather than the
proxy IP. I tried mod_rpaf and then moved over to mod_remoteip and I get the
same thing, so I'm assuming it's something other than Apache possibly?
So using HTTP traffic it comes in correctly, but with any HTTPS traffic
I get the proxy IP of 10.10.10.10. The logs were modified to replace %h with
%{X-Forwarded-For}i
Here are my configs:
HAPROXY.CFG:

global
    log 127.0.0.1 local2
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

frontend http_proxy
    bind *:80
    option http-server-close
    option forwardfor
    acl is_rbc-com hdr_dom(host) -i robcluett.com
    acl is_rbc-net hdr_dom(host) -i robcluett.net
    acl is_iom-com hdr_dom(host) -i iomerge.com
    acl is_blog-rbc-com hdr_dom(host) -i blog.robcluett.com
    use_backend cluster1 if is_rbc-com
    use_backend cluster2 if is_rbc-net
    use_backend cluster3 if is_iom-com
    use_backend cluster1 if is_blog-rbc-com

backend cluster1
    server web2 10.10.10.51:80

backend cluster2
    server web3 10.10.10.52:80

backend cluster3
    server web4 10.10.10.53:80

STUNNEL.CONF
cert = /usr/local/etc/stunnel/stunnel.pem
sslVersion = SSLv3
chroot = /usr/local/var/lib/stunnel/
setuid = root
setgid = root
pid = /stunnel.pid
fips=no
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/log/stunnel.log
[https]
accept = 10.10.10.10:443
connect = 10.10.10.10:80
TIMEOUTclose = 0
HTTPD.CONF
# Remote IP
RemoteIPHeader X-Forwarded-For
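
Added example, not part of the original post: a small Python model of the two request paths in the configs above, showing which value `%{X-Forwarded-For}i` ends up logging on each. It assumes stunnel relays the decrypted bytes unchanged over a new TCP connection from 10.10.10.10 and that `option forwardfor` appends the source address of the connection HAProxy accepted; the client address 203.0.113.7 and the function names are constructed for illustration.

```python
import ipaddress

PROXY_HOST = "10.10.10.10"   # stunnel and HAProxy address in the posted configs
CLIENT_IP = "203.0.113.7"    # constructed sample client address


def stunnel_hop(peer_ip, headers):
    """stunnel decrypts and relays the byte stream over a new TCP connection
    that originates from its own address; HTTP headers pass through as-is."""
    return PROXY_HOST, list(headers)


def haproxy_hop(peer_ip, headers, except_net=None):
    """Model of `option forwardfor [except <net>]`: append the source address
    of the connection HAProxy accepted, unless it lies inside except_net."""
    headers = list(headers)
    exempt = except_net is not None and (
        ipaddress.ip_address(peer_ip) in ipaddress.ip_network(except_net))
    if not exempt:
        headers.append(("X-Forwarded-For", peer_ip))
    return PROXY_HOST, headers


def logged_xff(headers):
    """What `%{X-Forwarded-For}i` writes to the access log ('-' if absent)."""
    values = [v for k, v in headers if k.lower() == "x-forwarded-for"]
    return ", ".join(values) if values else "-"


def trace(scheme, client_ip=CLIENT_IP, except_net=None):
    """Follow one request through the chain and return the logged value."""
    peer, headers = client_ip, [("Host", "robcluett.com")]
    if scheme == "https":
        # HTTPS enters on stunnel (accept 10.10.10.10:443) before HAProxy.
        peer, headers = stunnel_hop(peer, headers)
    peer, headers = haproxy_hop(peer, headers, except_net)
    return logged_xff(headers)


if __name__ == "__main__":
    for scheme in ("http", "https"):
        print(f"{scheme:5s} -> logged X-Forwarded-For: {trace(scheme)}")
```
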