HAProxy Enterprise Documentation 2.4r1

Enable the Proxy Protocol

When HAProxy Enterprise proxies a TCP connection, it overwrites the client's source IP address with its own when communicating with the backend server. The Proxy Protocol adds a header to a TCP connection to preserve the client's IP address. This method solves the lost-client-IP problem for any application-layer protocol that transmits its messages over TCP/IP. To work, both the sender (the load balancer) and receiver (backend server) must support the protocol and have it enabled.

HAProxy Enterprise adds the header to connections before relaying them to upstream servers. When placed behind another proxy, it can also receive the Proxy Protocol header attached to the incoming connection. This feature supports IPv4 and IPv6 addresses.

  • To accept a Proxy Protocol header on incoming TCP connections, add an accept-proxy parameter to the bind line in a frontend section. This parameter detects both Proxy Protocol version 1 (text format) and Proxy Protocol version 2 (binary format).

  • To send a Proxy Protocol header to the backend server, add a send-proxy parameter to the server lines in a backend section if you want to send a Proxy Protocol version 1 header (text format).

    Add a send-proxy-v2 parameter to send a Proxy Protocol version 2 header (binary format).

    Accepts the Proxy Protocol header from incoming connections and also attaches the Proxy Protocol header to outgoing connections.

    frontend mywebsite
      bind :80 accept-proxy
      default_backend webservers
    
    backend webservers
      balance roundrobin
      server s1 192.168.56.20:3000 check send-proxy
      server s2 192.168.56.21:3000 check send-proxy

Next up

Response Body Injection
HAProxyConf 2022 - Call for papers