Forward original IP addresses to machines behind haproxy/LB #290

New Issue

Closed

opened 2021-01-18 12:17:55 +00:00 by raucao · 2 comments

raucao commented 2021-01-18 12:17:55 +00:00

Owner

Copy Link

A bit more involved, but if we want client IP addresses being available in forwarded TCP traffic, it seems to be the only way:

https://medium.com/snapt/haproxy-and-tproxy-99bcf6ce16cf

A bit more involved, but if we want client IP addresses being available in forwarded TCP traffic, it seems to be the only way: https://medium.com/snapt/haproxy-and-tproxy-99bcf6ce16cf

raucao added the

feature

label 2021-01-18 12:17:55 +00:00

raucao referenced this issue 2021-01-20 12:12:54 +00:00

Make IPFS in VMs available for p2p connections from the outside #229

raucao added

idea

and removed

feature

labels 2022-08-23 13:03:41 +00:00

raucao commented 2022-10-19 09:54:52 +00:00

Author

Owner

Copy Link

There's also the proxy protocol, and it is supported by a surprising amount of applications, incl. ejabberd and nginx.

• https://www.process-one.net/blog/proxy-protocol-in-ejabberd/
• https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/

There's also the proxy protocol, and it is supported by a surprising amount of applications, incl. ejabberd and nginx. * https://www.process-one.net/blog/proxy-protocol-in-ejabberd/ * https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/

raucao changed title from Set up TPROXY IP address spoofing/forwarding for HAProxy hosts to Forward original IP addresses to machines behind haproxy/LB 2022-10-19 09:55:15 +00:00

raucao removed the

idea

label 2022-10-19 09:55:24 +00:00

raucao self-assigned this 2022-10-24 10:49:40 +00:00

raucao commented 2023-03-30 09:21:51 +00:00

Author

Owner

Copy Link

Closing, since we recently configured proxy protocol for haproxy/ejabberd, and almost phased out haproxy for HTTPS already (in favor of nginx vhosts on the host/LB).

Closing, since we recently configured proxy protocol for haproxy/ejabberd, and almost phased out haproxy for HTTPS already (in favor of nginx vhosts on the host/LB).

raucao closed this issue 2023-03-30 09:21:51 +00:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

bugfix/substr_url_matching

notes/ejabberd_ldap_photo

feature/akaunting

chore/ejabberd_service_avatar

feature/237-gitea_gpg

jammy_jellyfish

No results found.

Labels

Clear labels

service

accounts

Kosmos Accounts

service

discourse

Kosmos Community Forums

service

drone-ci

Kosmos Drone CI

service

email

mail.kosmos.org

service

garage

S3-compatible object storage

service

gitea

Kosmos Gitea

service

ipfs

Kosmos IPFS

service

mastodon

kosmos.social

service

postgres

Database cluster

service

remotestorage

Portable data storage for the Web

service

wiki

Kosmos Wiki

service

xmpp

Kosmos Chat

bug

Something is not working

design

Graphic/visual design

dev environment

Config, builds, CI, deployment, etc.

docs

Documentation

duplicate

This issue or pull request already exists

enhancement

Improving existing functionality

feature

New functionality

good first issue

Dive in, and start contributing

idea

Something to consider

invalid

Not a bug

kredits-1

Small contribution

kredits-2

Medium contribution

kredits-3

Large contribution

on hold

Currently not actionable

ops

Manual IT ops activities

question

Looking for an answer

release

major

release

minor

release

patch

security

All your base are belong to us

ui/ux

User interface, process design, etc.

wontfix

This won't be fixed

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

bkero bumi fsmanuel galfert greg hueso raucao slvrbckt

No Assignees raucao

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: kosmos/chef#290

No description provided.