Re: "transparent mode"

From: Willy Tarreau <w#1wt.eu>
Date: Thu, 9 Jun 2011 22:40:13 +0200


Hi Robert,

On Thu, Jun 09, 2011 at 04:23:46PM -0400, Robert Lassiter wrote:
> I am sure it's been asked before, I can find some vague references on how to accomplish this but nothing that does not include recompiling the kernel. I think these posts are out of date. So, sorry in advance but here's the question. I have about 1000 listen (groups) and need to pass the client IP to the physical server that receives the http request. And this is all HTTP, nothing else...

If it's HTTP, then "option forwardfor" is preferred. It adds the well known "X-Forwarded-For" header in the request and the servers will be able to use it to retrieve the client's IP address. There are modules for virtually every server to use it, check mod_rpaf for Apache.

If you want to enable transparent mode, you'll have to use a very recent kernel (or a patched one), make a non-trivial configuration, and change all of your servers' routing so that their default gateway becomes the machine running haproxy, because the return traffic must pass there too.

Quite frankly, if you manage the web servers yourself, the best solution is the X-Forwarded-For header !

Regards,
Willy Received on 2011/06/09 22:40

This archive was generated by hypermail 2.2.0 : 2011/06/09 22:45 CEST