search

eBayClassifiedsGroup / PanteraS

PanteraS - PaaS - Platform as a Service in a box
GNU General Public License v2.0
200 stars 61 forks source link

Where is consul template file for HAproxy? #292

Closed kopax closed 5 years ago

kopax commented 6 years ago

Hi Sielaq,

I have an issue when hosting postfix behind HAproxy load balancer.

Postfix is not knowing the "Real" Ip and can't ban spammer.

Before removing the load balancing, I am attempting two option:

  1. Add send-proxy to the load balancing rule in HAproxy and see https://iomarmochtar.wordpress.com/2017/11/21/using-haproxy-against-zimbra-mta-services-reveal-origin-ip/.

## port 25
frontend smtp-25
        bind *:27
        default_backend backend-smtp-25

backend backend-smtp-25
        server mail1 192.168.113.77:26 send-proxy
        server mail2 192.168.113.78:26 send-proxy 

## port 465
frontend smtp-465
        bind *:467
        default_backend backend-smtp-465

backend backend-smtp-465
        server mail1 192.168.113.77:466 send-proxy
        server mail2 192.168.113.78:466 send-proxy 

## port 587
frontend smtp-587
        bind *:589
        default_backend backend-smtp-587

backend backend-smtp-587
        server mail1 192.168.113.77:588 send-proxy
        server mail2 192.168.113.78:588 send-proxy
  1. Using Tproxy https://www.haproxy.org/download/1.8/doc/configuration.txt
        backend transparent_smtp
            # Connect to the SMTP farm from the client's source address/port
            # with Tproxy version 4.
            source 0.0.0.0 usesrc clientip

How should I add those option in the load balancer so I can track the outside ip for incoming mails?

Also, I see here https://github.com/eBayClassifiedsGroup/PanteraS/commit/2473fdca78a8b1d1828bd4e7579309fb53a4a87d#diff-6e3301c94e4de897ec67fa9735a848d5 that you have replaced HAproxy with Fabio.

Did you stop supporting HAproxy in the latest version?

The documentation in the README.md doesn't seems up to date

I tried to migrate HAproxy to Fabio a few time already and I always got stuck restoring the interface configuration and it's security.

It would be nice if you could help us understanding how to migrate.

Thanks in advance,

sielaq commented 5 years ago

Haproxy is dropped

kopax commented 5 years ago

Hi Sieqla, well noted. Is there a migration guide somewhere? From your POV should it be trivial to perform the upgrade now?