@aliaj00 wrote:
Hi Guys,
I am trying to configure cas servers to use a haproxy+keepalive with the main cert for the site on haproxy and wildcard certs for the CAS servers in the pool.
I can get to the CAS servers, but if I go to the Tomcat management portal it shows the haproxy's IP as the client IP instead of that of the client I am accessing it from. The configuration I have so far is the following:

```
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events.  This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.*                       /var/log/haproxy.log
    #
    log         127.0.0.1 local2 debug   ##TT ADDING LOGGING TO RSYSLOG ON 127.0.0.1

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    # appends the TCP peer address to X-Forwarded-For on every request
    # forwarded to a backend, except for peers in 127.0.0.0/8
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000
    #TT
    stats enable
    stats uri /stats
    stats realm Haproxy\ Statistics
    stats auth ******:*********

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
    bind 10.1.1.112:8443,10.2.1.3:8443 ssl crt /etc/pki/tls/private/casdev.test.lab-conmbined-key-and-cert.pem
    # bind *:8443 ssl crt /etc/pki/tls/private/casdev.test.lab-conmbined-key-and-cert.pem
    # http-request add-header X-Client-IP %[src]
    # http-request add-header X-Forwarded-Port %[dst_port]
    # http-request add-header X-Forwarded-For %[src]
    # http-request add-header X-Forwarded-Proto https if { ssl_fc }
    reqadd X-Forwarded-Proto:\ https
    reqadd X-forwarded-Port:\ 8443
    mode http
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js

    # use_backend static          if url_static
    default_backend             app

##TT
frontend web1
    bind 10.2.1.3:80,10.1.1.112:80
    # bind 10.2.1.3:80,10.1.1.112:80
    mode http
    acl url_static       path_beg       -i /static /images /javascript /stylesheets
    acl url_static       path_end       -i .jpg .gif .png .css .js
    default_backend web1

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
    balance     roundrobin
    server      static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
#backend app
#    balance     roundrobin
#    server  app1 127.0.0.1:5001 check
#    server  app2 127.0.0.1:5002 check
#    server  app3 127.0.0.1:5003 check
#    server  app4 127.0.0.1:5004 check

##TT
backend app
    balance roundrobin
    mode http
    #option httpchk GET /health_check
    option redispatch
    cookie SERVERID insert indirect nocache
    # each server needs its own cookie value, otherwise the SERVERID
    # cookie cannot pin a session to one CAS node (both were "required");
    # "verify required" makes the backend certificate check against
    # ca-file explicit rather than relying on the default
    server cas1.test.lab 10.1.1.101:8443 check ssl verify required ca-file /etc/pki/tls/certs/ca-chain.cert.pem cookie cas1
    server cas2.test.lab 10.1.1.102:8443 check ssl verify required ca-file /etc/pki/tls/certs/ca-chain.cert.pem cookie cas2

backend web1
    balance roundrobin
    mode http
    server web1.test.lab 10.1.1.120:80 check
    server web2.test.lab 10.1.1.121:80 check
```
Posts: 1
Participants: 1
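The mechanism behind the symptom in this post, as an added example that is not part of the original post and is not HAProxy or Tomcat code: `option forwardfor` in the posted `defaults` already makes HAProxy append the real client address to `X-Forwarded-For` on every request it passes to the CAS backends, so Tomcat is receiving the address; it just does not use it, because by default `getRemoteAddr()` reports the TCP peer, which is the HAProxy host. Tomcat's `RemoteIpValve` (in `server.xml`, for example `<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="10\.1\.1\.112|10\.2\.1\.3" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto"/>`) substitutes the forwarded address, but only when the request actually came from one of the listed proxies. The Python below simulates that resolution rule so the security caveat is visible: a client that reaches Tomcat directly can write anything into `X-Forwarded-For`, and an address left of the proxy-supplied one must not be believed. The proxy addresses are the HAProxy bind addresses from the posted config; everything else (client addresses, header values, the use of CIDR networks instead of the valve's regex) is constructed for this example.

```python
"""Simulate the client-IP resolution a proxy-aware backend must do when
HAProxy's ``option forwardfor`` puts the real client into X-Forwarded-For.

Added example; not code from the original post, HAProxy or Tomcat. The
rules follow Tomcat's RemoteIpValve; addresses and header values are
constructed for illustration, except 10.1.1.112 and 10.2.1.3, which are
the HAProxy bind addresses from the posted config.
"""
import ipaddress

# Addresses of the proxy layer itself. RemoteIpValve takes a regex for
# internalProxies; CIDR networks are used here as a simplification.
INTERNAL_PROXIES = ["10.1.1.112/32", "10.2.1.3/32"]


def _networks(items):
    return [ipaddress.ip_network(i) for i in items]


def _matches(addr, nets):
    """True if addr is a valid IP address inside any of the networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in n for n in nets)


def resolve_client_ip(remote_addr, xff, internal_proxies=INTERNAL_PROXIES,
                      trusted_proxies=()):
    """Return (client_ip, remaining_xff, proxies_seen).

    remote_addr is the TCP peer, xff the raw X-Forwarded-For value.
    - If the peer is not an internal proxy the header is ignored: a client
      connecting straight to Tomcat can write anything into it.
    - Otherwise walk the header from the right: skip internal proxies,
      record trusted proxies, and stop at the first other address, which
      is the client. Anything left of it is unverified and is returned
      as the residual header value instead of being trusted.
    """
    internal = _networks(internal_proxies)
    trusted = _networks(trusted_proxies)
    if not _matches(remote_addr, internal):
        return remote_addr, xff or "", []

    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    proxies = []
    client = remote_addr
    cut = 0  # index of the hop chosen as client; hops before it remain
    for idx in range(len(hops) - 1, -1, -1):
        hop = hops[idx]
        if _matches(hop, internal):
            continue
        if _matches(hop, trusted):
            proxies.insert(0, hop)
            continue
        client, cut = hop, idx
        break
    return client, ", ".join(hops[:cut]), proxies


if __name__ == "__main__":
    # Constructed cases: peer address, X-Forwarded-For value, trusted proxies.
    cases = [
        ("203.0.113.9", "1.2.3.4", ()),                # direct client spoofing XFF
        ("10.1.1.112", "203.0.113.9", ()),             # normal request via HAProxy
        ("10.1.1.112", "1.2.3.4, 203.0.113.9", ()),    # client sent a fake hop
        ("10.1.1.112", "203.0.113.9, 198.51.100.7", ("198.51.100.7/32",)),
    ]
    for peer, xff, trusted in cases:
        print(peer, repr(xff), "->",
              resolve_client_ip(peer, xff, trusted_proxies=trusted))
```

The third case is the one to keep in mind when the valve is switched on: HAProxy appends the client to whatever `X-Forwarded-For` the client itself sent, so the rightmost address is the only one the proxy vouches for. If another proxy sits in front of HAProxy, list it in the valve's `trustedProxies` attribute rather than widening `internalProxies`, so that it is stepped over but still recorded.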