HAProxy Enterprise Documentation 2.4r1

Enable the Proxy Protocol

When HAProxy Enterprise proxies a TCP connection, it overwrites the client's source IP address with its own when communicating with the backend server. The Proxy Protocol adds a header to a TCP connection to preserve the client's IP address. This method solves the lost-client-IP problem for any application-layer protocol that transmits its messages over TCP/IP. To work, both the sender (the load balancer) and receiver (backend server) must support the protocol and have it enabled.

HAProxy Enterprise adds the header to connections before relaying them to upstream servers. When placed behind another proxy, it can also receive the Proxy Protocol header attached to the incoming connection. This feature supports IPv4 and IPv6 addresses.

To accept a Proxy Protocol header on incoming TCP connections, add an accept-proxy parameter to the bind line in a frontend section. This parameter detects both Proxy Protocol version 1 (text format) and Proxy Protocol version 2 (binary format).
To send a Proxy Protocol header to the backend server, add a send-proxy parameter to the server lines in a backend section if you want to send a Proxy Protocol version 1 header (text format).

Add a send-proxy-v2 parameter to send a Proxy Protocol version 2 header (binary format).
Accepts the Proxy Protocol header from incoming connections and also attaches the Proxy Protocol header to outgoing connections.
```
frontend mywebsite
  bind :80 accept-proxy
  default_backend webservers

backend webservers
  balance roundrobin
  server s1 192.168.56.20:3000 check send-proxy
  server s2 192.168.56.21:3000 check send-proxy
```

Next up

Response Body Injection

More Versions

HAProxy Products Documentation

Enable the Proxy Protocol

Your feedback is important to us!