I use HAProxy with nginx and ocserv (it's a VPN server that uses a certificate for authorization on my domain vpn.example.com). It works great, but my configuration uses “frontend tcp” mode, which does not allow passing “option forwardfor” to save the IP address in the nginx logs. I don’t understand how to change the configuration to make it work.
haproxy.cfg
frontend https
    bind 142.251.1.102:443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    use_backend ocserv if { req_ssl_sni -i vpn.example.com }
    use_backend nginx if { req_ssl_sni -i site1.com }
    use_backend nginx if { req_ssl_sni -i site2.com }
    use_backend nginx if { req_ssl_sni -i site3.com }
    default_backend ocserv

backend ocserv
    mode tcp
    option ssl-hello-chk
    server ocserv 127.0.0.1:443 send-proxy-v2

backend nginx
    mode tcp
    option forwardfor
    option tcp-check
    server nginx 127.0.0.2:443 check
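One way to get the client address into the nginx logs while keeping SNI routing in TCP mode, shown as an added example that is not part of the original post: carry the address in the PROXY protocol, as the ocserv backend above already does. The nginx server block, certificate and log paths, and the log format name `proxied` are assumptions.

```conf
# ---- haproxy.cfg: nginx backend (frontend and ocserv backend unchanged) ----
backend nginx
    mode tcp
    # "option forwardfor" dropped: it inserts an HTTP header, and in TCP mode
    # HAProxy passes the TLS stream through without parsing any HTTP.
    option tcp-check
    # send-proxy-v2 prepends a PROXY protocol v2 header carrying the original
    # client address and port to every connection opened to nginx.
    server nginx 127.0.0.2:443 send-proxy-v2 check

# ---- nginx: receiving side (hypothetical server block) ----
http {
    # Constructed log format: $proxy_protocol_addr is the client address
    # taken from the PROXY header, not the TCP peer (which is HAProxy).
    log_format proxied '$proxy_protocol_addr - $remote_user [$time_local] '
                       '"$request" $status $body_bytes_sent';

    server {
        # proxy_protocol makes this listener expect the PROXY header first;
        # connections that arrive without it are rejected.
        listen 127.0.0.2:443 ssl proxy_protocol;
        server_name site1.com site2.com site3.com;
        ssl_certificate     /path/to/fullchain.pem;   # placeholder path
        ssl_certificate_key /path/to/privkey.pem;     # placeholder path

        # Optional (needs ngx_http_realip_module): rewrite $remote_addr from
        # the PROXY header, trusting it only from loopback peers. Assumes
        # HAProxy reaches nginx over the loopback interface, as configured.
        set_real_ip_from 127.0.0.0/8;
        real_ip_header   proxy_protocol;

        access_log /var/log/nginx/access.log proxied;   # placeholder path
    }
}
```

Any peer that can reach a `proxy_protocol` listener can claim an arbitrary client address, so keep that listener bound to an address only HAProxy can connect to. nginx accepts PROXY protocol version 2 from 1.13.11 onward; with older versions use `send-proxy` (version 1) instead.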