Available for personal testing: Haproxy is configured with HTTP forwarding to transparently transmit real IP addresses

2024.02.10



InternetNetwork management
Haproxy implements Layer 4 forwarding (HTTP forwarding) and Layer 7 forwarding (TCP forwarding), and is commonly used for load balancing. When configuring Haproxy, you can use a reverse proxy to access the server using algorithms such as round-robin.

conception

Haproxy is a high-performance load balancer and proxy server that is mainly used to distribute and manage network traffic to ensure high availability and performance of the service. The following is an explanation of how Haproxy configures http forwarding and transparent IP addresses:

  1. Configure HTTP forwarding:
  • Haproxy implements Layer 4 forwarding (HTTP forwarding) and Layer 7 forwarding (TCP forwarding), and is commonly used for load balancing. When configuring Haproxy, you can use a reverse proxy to access the server using algorithms such as round-robin.
  1. IP address of the transparent transmission client:
  • In the actual network environment, the IP location area of the client is very important information for the server, especially for scenarios such as IP restriction and analysis of access logs. However, in a traditional load balancing environment, due to the characteristics of the network layer, the real IP location area of the client will be tampered with by the proxy server, resulting in the server being unable to obtain the real IP location area of the client. Therefore, it is very important to implement transparent client IP addresses.
  • Haproxy can transparently transmit the real IP address of the client through configuration and some technical means.

Environmental Information:

42.51.60.76   Haproxy
42.51.60.105  Nginx
  • 1.
  • 2.

Haproxy configuration:

1. Combined writing

listen dean
 bind 42.51.60.76:80
 mode http              #模式改为http
 option forwardfor      #开启forwardfor选项
 server web1 42.51.60.105:80 check inter 3000 fall3 rise 5
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.

2. Write separately

frontend dean
    bind *:80
    mode http              #模式改为http
    option forwardfor      #开启forwardfor选项
    option httpclose
    default_backend web_server
backend web_server
    mode http
    balance source        # 负载均衡,根据请求的源IP
    server web1 42.51.60.105:80
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
If you access 42.51.60.76, you can view the Nginx access log of 42.51.60.105 and obtain the real IP address of the client

图片