HAProxy Load Balancer help

Question

Anyone out there familiar with using HA Proxy for a load balancer? We recently began using a load balancer with a public IP routing to our internal JSS servers with an internal IP. The problem we have is the internal IP is now showing for just about every iOS and OS X device. we have followed just about every suggestion on the boards.

Ensured Apache Tomcat settings in the JSS was set to Enable Remote IP Valve,

Modified the Server.xml to contain 
<ValveclassName=&#034;org.apache.catalina.valves.RemoteIpValve&#034;internalProxies=&#034;x.x.x.x&#034;trustedProxies=&#034;x.x.x.x&#034;remoteIpHeader=&#034;x-forwarded-for&#034;remoteIpProxiesHeader=&#034;x-forwarded-by&#034;protocolHeader=&#034;x-forwarded-proto&#034;/>

setting the &#034;x.x.x.x&#034; to both the internal IP and the external IP.

We have done a hybrid of all of the above.

Any assistance would be greatly appreciated.

martin11 · Accepted Answer

Hi @mradams,Server.xml should at least contain the following options: And do not forget to add the jvmRoute: We have used port 8080 (directly from HAProxy) and now use 8009 (via HAProxy and Apache Proxy).

localhorst · Answer

We found it quite helpful to include the forwardfor and httpclose options for our jss backend in our haproxy configuration:

backend jss-cluster
    balance source
    option forwardfor
    option httpclose
    option httpchk
    server jss-node-0 jss-node-0.acme.http:443 ssl ca-file /etc/ssl/certs/ACMErootCA.pem verify required check
    server jss-node-1 [...]
    [...]

Our Tomcat server.xml only requires

 <Valve 
          className="org.apache.catalina.valves.RemoteIpValve"
          internalProxies="1.2.3.4"
      />

to make the magic happen.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded