HAProxy ALOHA Documentation 10.5

Enable the Proxy Protocol

When you configure load balancing via the LB Layer 7 tab, HAProxy ALOHA acts as a reverse proxy, managing client connections on one end and server connections on the other. The downside is that it causes the client's source IP address to be replaced with HAProxy ALOHA's IP address in connections to the servers, which misrepresents the true client in the server logs.

The Proxy Protocol solves this by adding a header containing the client's IP address to the beginning of the TCP connection. If the server supports the protocol, it can then read the correct address from the header. HAProxy ALOHA can both send and receive this header. Receiving it is useful when it sits upstream from other proxies that support the protocol.

  • To accept a Proxy Protocol header on incoming TCP connections, add an accept-proxy parameter to the bind line in a frontend section. This parameter detects both Proxy Protocol version 1 (text format) and Proxy Protocol version 2 (binary format).

  • To send a Proxy Protocol header to the backend server, add a send-proxy parameter to the server lines in a backend section if you want to send a Proxy Protocol version 1 header (text format).

    Add a send-proxy-v2 parameter to send a Proxy Protocol version 2 header (binary format).

    Accepts the Proxy Protocol header from incoming connections and also attaches the Proxy Protocol header to outgoing connections.

    frontend mywebsite
      bind :80 accept-proxy
      default_backend webservers
    
    backend webservers
      balance roundrobin
      server s1 192.168.56.20:3000 check send-proxy
      server s2 192.168.56.21:3000 check send-proxy

Next up

Add an X-Forwarded-For header
HAProxyConf 2022 - Call for papers