Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Source IP detection #146

tamalsaha opened this issue Jun 6, 2017 · 0 comments


None yet
1 participant
Copy link

commented Jun 6, 2017

tamalsaha added a commit that referenced this issue Jun 8, 2017

Use true to preserve source IP (#…

This preserves source IP for LoadBalancer type ingresses  for aws, gce, gke, azure. The actual configuration generated depends on the underlying cloud provider.

 - gce, gke, azure: Adds annotation OnlyLocal
to services used to expose HAProxy.

- aws: Enforces the use of the PROXY protocol over any connection accepted by any of
the sockets declared on the same line. Versions 1 and 2 of the PROXY protocol
are supported and correctly detected. The PROXY protocol dictates the layer
3/4 addresses of the incoming connection to be used everywhere an address is
used, with the only exception of "tcp-request connection" rules which will
only see the real connection address. Logs will reflect the addresses
indicated in the protocol, unless it is violated, in which case the real
address will still be used.  This keyword combined with support from external
components can be used as an efficient and reliable alternative to the
X-Forwarded-For mechanism which is not always reliable and not even always
usable. See also "tcp-request connection expect-proxy" for a finer-grained
setting of which client is allowed to use the protocol.
ref:  (this was implemented in #144)

Fixes #146, #100
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.