I’m new to HAProxy and i’m currently migrating my proxy server from NGINX to to HAProxy. One of the requirements i have is that I can do hostheader based routing without SSL offloading but that my application that is behind haproxy can fetch the source IP addresses. For http traffic it is working, https traffic itself is also working but my application sees the IP address of the haproxy and not the address of the source. Any help is welcome. This is how my config looks like currently:
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
frontend http_front
bind *:80
acl is_admin hdr(host) -i admin.XXXXXXXXXXXXX.net
use_backend http_back if is_admin
default_backend error_page
http-request set-header X-Forwarded-For %[src]
http-request set-header Upgrade Websocket
http-request set-header Host %[hdr(host)]
frontend https_front
bind *:443
mode tcp
option tcplog
acl is_admin_ssl req.ssl_sni -i admin.XXXXXXXXXXXX.net
use_backend https_back if is_admin_ssl
default_backend error_page
backend http_back
server server1 10.1.0.7:80 maxconn 32
backend https_back
mode tcp
option ssl-hello-chk
server server1 10.1.0.7:443
backend error_page
mode http
errorfile 503 /etc/haproxy/errors/503.http
1 post - 1 participant