forwardfor information is missing

Posted by FAFA on Server Fault See other posts from Server Fault or by FAFA
Published on 2012-11-14T10:00:31Z Indexed on 2012/11/14 11:05 UTC
Read the original article Hit count: 309

Filed under:

load-balancing

|

https

|

haproxy

I use following configuration to load balance https connections, using haproxy 1.4.8. SSL offloading is done by apache.

listen ssl_to_waf 192.168.101.54:443
mode tcp
balance roundrobin
option ssl-hello-chk

server wafA 192.168.101.61:444 check
listen ssl_from_waf 192.168.101.61:445
balance roundrobin
option forwardfor

server webA 192.168.101.46:80 check

For HTTP requests this works great, requests are distributed to my Apache servers just fine. But for HTTPS request, I lose the "forwardfor" information. I need to save the client IP address. How can I use HAproxy to load balance across a number of SSL servers, allowing those servers to know the client's IP address?

© Server Fault or respective owner

Related posts about load-balancing

Failover or load balancing configuration on Apple Xserve and Mac OS X Server Snow Leopard (10.6)

as seen on Server Fault - Search for 'Server Fault'
I'm currently installing a number of Apple Xserve boxes running Mac OS X Server (10.6). After poking and prodding for a while I can't find any obvious way, or documentation telling me how, to set up the 2 ethernet ports in a failover or load-balancing configuration. There seems to be an obvious… >>> More
Conceptually how does load-balancing on the EJB tier work in Glassfish/any ejb container

as seen on Stack Overflow - Search for 'Stack Overflow'
I am wondering conceptually how load-balancing works on the EJB-level (not web session replication) with Java EE containers like Glassfish. From what I have gleaned your remote interface is a proxy that delegates your call to one of many servers you may have in an environment. If things fail are… >>> More
Do i need a dedicated server for load balancing?

as seen on Server Fault - Search for 'Server Fault'
I'm completely new to the concept of load balancing so i hope this question isn't a "stupid question" because i've been searching around and im having a hard time understanding this. So to my understanding, in order to load balance, i need a separate machine with an ip address i can direct all traffic… >>> More
Load balancing and sessions

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi there, What is the better approach for load balancing on web servers? My services run in .NET and Mono, so they could be hosted on IIS or Apache2, and the will have to provide SSL connection. I've read two main approaches, store the state in a common server and use sticky sessions, there is any… >>> More
Loadbalancing outbound traffic while using openbgpd on freebsd

as seen on Server Fault - Search for 'Server Fault'
Hi, I am using openbgpd in freeBSD with 2 ISP connections. I have my own AS number and a /22 network. Currently I am advertising entire /22 to both networks. Inbound traffic comes in But my outbound traffic goes via a single link. I would like to either distribute my outbound traffic via both links… >>> More

Related posts about https

Need Java https proxy which can be enhanced to emulate production https proxy behaviour

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a production environment which require access through a proxy server. Occasionally said server returns blank responses badly confusing the Metro web service library causing all kinds of interesting RuntimeExceptions. I believe the proxy is Squid. In order to handle these better, I would… >>> More
How To Find Out If You are Using HTTPS Without $_SERVER['HTTPS']

as seen on Stack Overflow - Search for 'Stack Overflow'
I've seen many tutorials online that says you need to check $_SERVER['HTTPS'] if the server is connection is secured with HTTPS. My problem is that on some of the servers I use, $_SERVER['HTTPS'] is an undefined variable that results in an error. Is there another variable I can check that should always… >>> More
Redirect request from https domain to https subdomain with only one certificate

as seen on Server Fault - Search for 'Server Fault'
I'm trying to redirect users to a subdomain in server2 if they make an https request to server1. I only have one certificate, and that's installed on server2. So for instance, from (server1) https://www.example.com to (server2) https://ssl.example.com My best guess is that I will need a certificate… >>> More
Apache: https to https redirect

as seen on Super User - Search for 'Super User'
I'm trying to get Apache to redirect all http and https traffic to a single endpoint www.example.org. The http part is easy: <VirtualHost *:80> ServerName example.org Redirect permanent / https://www.example.org/ </VirtualHost> # long list of other domains, all redirecting to… >>> More
SSL / HTTP / No Response to Curl

as seen on Server Fault - Search for 'Server Fault'
I am trying to send commands to a SOAP service, and getting nothing in reply. The SOAP service is at a completely separate site from either server I am testing with. I have written a dummy script with the SOAP XML embedded. When I run it at my local site, on any of three machines -- OSX, Ubuntu,… >>> More