Closed virtuman closed 7 years ago
According to the manual here: http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-option%20forwardfor
option forwardfor
is the one who is responsible for setting up the X-Forwarded-For
header. Can you check directly if the haproxy appends the correct IP address in the header?
I noticed there's another ticket somewhat relevant but not about this:
We have a bunch of websites running on nginx in docker swarm (1.13) and dockercloud-haproxy as the ssl termination + load balancing.
I can't figure out if there's a way to get real client's IP address from nginx containers? I think I may have found some information that because of MESH networking it's not at all possible, unless the haproxy was running in --net=host mode, but then I'm not able to have all our website's containers communicate with haproxy's swarm service since --net=host is exclusive and won't allow additional networks to this container.
Maybe i'm looking at this whole thing from the wrong perspective and any input is super highly appreciated.
here's one option that I found in default haproxy's config that is generated by dockercloud-haproxy:
I think that
option forwardfor
is responsible for sendingX-Forwarded-For
header to containers.Then in nginx containers - i have nginx configured with real-ip module enabled and specified
when I dump headers with PHP - I notice that the
X-Forwarded-For
variable has the value of haproxy's network of10.255.0.14
and not my client's IP addressThank you.