Hello,
Recently I have been trying to further secure my servers and while looking at Xen Orchestra I noticed my proxy servers IP is being captured instead of my host system's IP. I'd like to capture the real IP address. I did look through the documentation and I did find the reverse-proxy page but it doesn't include anything for HAProxy.
https://xen-orchestra.com/docs/configuration.html#reverse-proxy
Has anyone had success capturing the real IP address through HAProxy?
Right now I have HAProxy working in terms of being functional. I can use XO without an issue at all except the IP addresses in the log shows as my reverse proxy IP no matter who device makes changes.
I've tried adding some other configuration options shown below but it's still not seeing the real IP address.
http-request add-header X-Forwarded-Host %[req.hdr(Host)]
http-request add-header X-Forwarded-Proto https
This is what my backend looks like:
backend xoce.local_ipvANY
mode http
id 102
log global
timeout connect 30000
timeout server 30000
retries 3
load-server-state-from-file global
http-request add-header X-Forwarded-Host %[req.hdr(Host)]
http-request add-header X-Forwarded-Proto https
acl ip_whitelist src 192.168.220.0/24 192.168.110.0/24 172.16.100.0/24
acl restrict_login var(txn.txnhost) -m str -i xoce.assurecs.net
http-request set-var(txn.txnhost) hdr(host)
http-request deny deny_status 403 if restrict_login !ip_whitelist
server xoce.local 192.168.110.250:443 id 103 ssl check inter 1000 verify none crt /var/etc/haproxy/server_clientcert_64207b5c00cc3.pem