@olivierlambert
Let's say that you have this:
- HAProxy server :
- External IP 10.1.60.130
- Internal IP 172.20.100.1
- XO server
- IP 172.20.100.2
For HAProxy to work, the following configuration is needed:
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
# Process-wide settings: logging target, chroot, privilege drop, the runtime
# stats socket and the default TLS cipher policy.
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
# NOTE(review): step 1 makes syslogd accept log events from the network, not
# only from 127.0.0.1. Confirm that the syslog port is firewalled or bound to
# loopback, otherwise other hosts can write entries into the same log files.
log 127.0.0.1 local2
#log /dev/log local2 debug
#log /dev/log local2 notice
#log 127.0.0.1 local2 info
#log 127.0.0.1 local2 notice
# Confine the process to /var/lib/haproxy and run it as the unprivileged
# haproxy user and group.
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
#maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
# NOTE(review): no 'mode', 'user', 'group' or 'level' is set on this socket,
# so access depends on the defaults and on the directory permissions. Check
# who can open it and consider setting them explicitly (for example
# 'mode 600' together with the lowest 'level' that is enough).
stats socket /var/lib/haproxy/stats
stats timeout 30s
# utilize system-wide crypto-policies
# These two defaults apply only to 'bind' and 'server' lines that carry the
# 'ssl' keyword. The tb2_443 frontend and the xoce backend in this file have
# none, so the TLS parameters the client sees are negotiated by the XO server
# itself, not by HAProxy.
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
# Values inherited by every proxy section that does not set its own.
defaults
# Overridden by 'mode tcp' in both the tb2_443 frontend and the xoce backend.
mode http
log global
# NOTE(review): 'dontlognull' suppresses log lines for connections that send
# no data. On an address reachable from untrusted networks this also hides
# port scans and probes; consider leaving it off there.
option dontlognull
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
# No connection limit is set here or in 'global' (both maxconn lines are
# commented out), so the built-in default applies.
#maxconn 3000
#errorfile 400 /opt/haproxy/share/err/400.http
#errorfile 403 /opt/haproxy/share/err/403.http
#errorfile 408 /opt/haproxy/share/err/408.http
#errorfile 500 /opt/haproxy/share/err/500.http
#errorfile 502 /opt/haproxy/share/err/502.http
#errorfile 503 /opt/haproxy/share/err/503.http
#errorfile 504 /opt/haproxy/share/err/504.http
#---------------------------------------------------------------------
# Port 443
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# frontend
#---------------------------------------------------------------------
# TLS pass-through listener on the external address: HAProxy forwards the raw
# TCP stream and does not terminate TLS, so it cannot see or modify HTTP
# headers on this path.
frontend tb2_443
bind 10.1.60.130:443
mode tcp
option tcplog
# Matches when the first bytes of the connection are a TLS ClientHello.
acl tls req.ssl_hello_type 1
# Wait up to 5s for enough client data to evaluate the ACL above.
tcp-request inspect-delay 5s
# NOTE(review): only an 'accept' rule is present. A connection that matches
# no rule is accepted by default once the inspect delay expires, so non-TLS
# traffic still reaches the backend. If the intent is to admit TLS only, a
# 'tcp-request content reject' line after this one would enforce it.
tcp-request content accept if tls
default_backend xoce
#---------------------------------------------------------------------
# backend
#---------------------------------------------------------------------
# Single XO server reached over TCP; TLS is end-to-end between browser and XO.
backend xoce
mode tcp
# Health check that sends a TLS hello and expects a TLS reply.
option ssl-hello-chk
# 'send-proxy' makes HAProxy write a PROXY protocol v1 line at the start of
# every connection to this server, ahead of the client's TLS ClientHello.
# A server that does not expect that line sees it instead of a TLS handshake
# and closes the connection, which is consistent with the
# PR_END_OF_FILE_ERROR reported below. Health checks normally carry the same
# header when 'send-proxy' is set, so they are affected too.
# NOTE(review): if the backend is later taught to accept the PROXY protocol,
# it must accept it only from the HAProxy internal address (172.20.100.1).
# The header is not authenticated, so any other peer that can reach port 443
# on 172.20.100.2 could claim an arbitrary client address, which would end up
# in logs and in any IP-based access decision.
server xoce_srv 172.20.100.2:443 send-proxy check
but ...
It seems that XO doesn't support the PROXY protocol:
Secure Connection Failed
An error occurred during a connection to 10.1.60.130. PR_END_OF_FILE_ERROR
Error code: PR_END_OF_FILE_ERROR
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
To make this possible, the XO code would need to include proxy-protocol (npm install proxy-protocol).
This is the code:
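const http = require('http');
// NOTE(review): the `new ProxyProtocol()` / `proxy.parse(req)` usage below is
// kept as posted. Confirm it against the proxy-protocol package documentation
// before relying on this sketch.
const ProxyProtocol = require('proxy-protocol');

// Peers that are allowed to assert a client address through a PROXY header.
// 172.20.100.1 is the HAProxy internal IP from the topology described above.
// The header is not authenticated, so it must never be honoured from any
// other peer: doing so lets a client choose the address that ends up in logs
// and in IP-based access decisions.
const TRUSTED_PROXY_ADDRESSES = new Set(['172.20.100.1']);

/**
 * Tells whether a socket peer address belongs to a trusted proxy.
 *
 * @param {string|undefined} address - Value of `socket.remoteAddress`.
 * @returns {boolean} True only when the address is in TRUSTED_PROXY_ADDRESSES.
 */
function isTrustedProxy(address) {
  if (typeof address !== 'string') {
    return false;
  }
  // A dual-stack listener reports IPv4 peers as IPv4-mapped IPv6 addresses.
  const mappedPrefix = '::ffff:';
  const normalized = address.startsWith(mappedPrefix)
    ? address.slice(mappedPrefix.length)
    : address;
  return TRUSTED_PROXY_ADDRESSES.has(normalized);
}

const server = http.createServer((req, res) => {
  // `req.socket` replaces the deprecated `req.connection` alias.
  const peerAddress = req.socket.remoteAddress;
  const peerPort = req.socket.remotePort;

  // Parse Proxy Protocol headers, but only for connections that come from the
  // trusted proxy; everyone else is identified by the socket peer address.
  // NOTE(review): a PROXY header is written once at the very start of the TCP
  // connection, before any TLS or HTTP bytes. With the HAProxy configuration
  // above it precedes the TLS ClientHello, so it has to be consumed at the
  // connection level before the TLS/HTTP layers read from the socket. Verify
  // that parsing from an HTTP request object works at all in this setup.
  const proxy = new ProxyProtocol();
  const proxyData = isTrustedProxy(peerAddress) ? proxy.parse(req) : null;

  // Extract client IP and Port from the parsed headers, falling back to the
  // socket peer when no usable header data is available.
  const clientIP = proxyData && proxyData.address ? proxyData.address : peerAddress;
  const clientPort = proxyData && proxyData.port ? proxyData.port : peerPort;

  // Handle the request
  // ...
});

// NOTE(review): no host is given, so the server listens on every interface.
// Bind it to the internal address or firewall the port so that only the
// proxy can connect.
server.listen(3000);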