HaProxy forward the source IP to the backend server

Question

I have the following HaProxy configuration:

frontend smtp
    bind :25 accept-proxy
    default_backend smtp_backend


backend smtp_backend
    mode tcp
    timeout server 1m
    timeout connect 5s

    server srv1 127.0.0.1:2500 send-proxy check maxconn 500

That is being a Load Balancer (AWS). I need to know the IP of the Load Balancer.

Looking at the logs on HaProxy, I have the following lines:

Jul 1 16:00:03 ip-172-31-1-100 haproxy[10350]: Connect from 172.31.1.5:35040 to 172.31.1.100:25 (smtp/TCP)

So HaProxy get the proper source IP of the Load Balancer (I'm not looking for the client at that level).

But when showing the IP/Port on the destination server, I get the local IP : 127.0.0.1.

I suspect it's because of server srv1 127.0.0.1:2525 send-proxy check maxconn 500 line, but how can I get the IP of the Load Balancer on my end server?

(note: Once the connection is established, AWS Target Group sends me a Proxy v2 command that allows me to get the client IP address, and this works, but I first need to get that 172.31.1.5 IP from the Load Balancer).

Answer 1

Did you enable the proxy protocol in your backend server? (eg. in nginx)

Answer 2

Unfortunately, Haproxy will only support ip forwarding in HTTP mode through some headers.

In your case, you need to use specially compiled HAproxy - TProxy.

Docs: https://www.haproxy.com/blog/howto-transparent-proxying-and-binding-with-haproxy-and-aloha-load-balancer/

This will support forwarding client ip(AWS load balancer IP in your case) even in TCP mode.