
Anyone out there familiar with using HAProxy for a load balancer? We recently began using a load balancer with a public IP routing to our internal JSS servers with an internal IP. The problem we have is the internal IP is now showing for just about every iOS and OS X device. We have followed just about every suggestion on the boards.



Ensured the Apache Tomcat settings in the JSS were set to Enable Remote IP Valve.



Modified the Server.xml to contain:

    <Valve
        className="org.apache.catalina.valves.RemoteIpValve"
        internalProxies="x.x.x.x"
        trustedProxies="x.x.x.x"
        remoteIpHeader="x-forwarded-for"
        remoteIpProxiesHeader="x-forwarded-by"
        protocolHeader="x-forwarded-proto"/>



Setting the "x.x.x.x" to both the internal IP and the external IP.



We have done a hybrid of all of the above.



Any assistance would be greatly appreciated.

We found it quite helpful to include the forwardfor and httpclose options for our jss backend in our haproxy configuration:



    backend jss-cluster
        balance source
        option forwardfor
        option httpclose
        option httpchk
        server jss-node-0 jss-node-0.acme.http:443 ssl ca-file /etc/ssl/certs/ACMErootCA.pem verify required check
        server jss-node-1 [...]
        [...]


Our Tomcat server.xml only requires



    <Valve
        className="org.apache.catalina.valves.RemoteIpValve"
        internalProxies="1.2.3.4"
    />


to make the magic happen.


@localhorst Thanks for the insight,



Do you have Enable Proxy Port enabled? If so, what port are you using? What scheme?



Thanks, load balancing is new to us and we need to get this issue resolved.


Hi @mradams,



Server.xml should at least contain the following options:



    <Valve className="org.apache.catalina.valves.RemoteIpValve"
        remoteIpHeader="x-forwarded-for"
        proxiesHeader="x-forwarded-by"
        protocolHeader="x-forwarded-proto" />


And do not forget to add the jvmRoute:



    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jss1">


We have used port 8080 (directly from HAProxy) and now use 8009 (via HAProxy and Apache Proxy).
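
An added example, not part of the original posts: a simplified Python model of how Tomcat's RemoteIpValve picks the client address from X-Forwarded-For, showing why the load balancer's internal IP is recorded when `internalProxies` does not match the address HAProxy connects from. The addresses are constructed samples, the function name is hypothetical, and `re.fullmatch` stands in for Java's `Matcher.matches()`.

```python
import re

def resolve_remote_addr(peer_addr, xff_values, internal_proxies, trusted_proxies=None):
    """Simplified model (added example): peer_addr is the TCP peer Tomcat sees,
    xff_values are X-Forwarded-For header values in arrival order, and both
    proxy arguments are regexes. Returns (remote_addr, proxies_chain)."""
    def matches(pattern, addr):
        return pattern is not None and re.fullmatch(pattern, addr) is not None

    is_internal = matches(internal_proxies, peer_addr)
    if not (is_internal or matches(trusted_proxies, peer_addr)):
        return peer_addr, []   # peer is not a known proxy: header is ignored

    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]
    chain = [] if is_internal else [peer_addr]
    remote = None
    # Walk right to left and stop at the first hop that is not a known proxy.
    for hop in reversed(hops):
        remote = hop
        if matches(internal_proxies, hop):
            continue               # internal proxies are left out of the chain
        if matches(trusted_proxies, hop):
            chain.insert(0, hop)
            continue
        break
    return (remote if remote is not None else peer_addr), chain

# Constructed sample addresses (documentation ranges), not taken from the thread.
HAPROXY = "10.0.0.5"       # internal address HAProxy connects from
DEVICE = "203.0.113.7"     # device address appended by `option forwardfor`
FORGED = "198.51.100.9"    # value a client placed in its own X-Forwarded-For

def demo():
    return {
        # Pattern does not match the peer: every device is logged as HAProxy.
        "mismatch": resolve_remote_addr(HAPROXY, [DEVICE], r"1\.2\.3\.4")[0],
        # Pattern matches the peer: the device address is restored.
        "match": resolve_remote_addr(HAPROXY, [DEVICE], r"10\.0\.0\.5")[0],
        # Client-supplied entry sits left of HAProxy's entry and is ignored.
        "forged": resolve_remote_addr(HAPROXY, [FORGED, DEVICE], r"10\.0\.0\.5")[0],
        # Over-broad pattern trusts every hop, so the forged entry is accepted.
        "too_broad": resolve_remote_addr(HAPROXY, [FORGED, DEVICE], r".*")[0],
    }

if __name__ == "__main__":
    for case, addr in demo().items():
        print(f"{case:10s} -> {addr}")
```

The pattern should match every address the load balancers connect from and nothing broader, since any hop it matches is treated as a proxy rather than a client.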

