I have an HAProxy in tcp mode. I have some Tomcat web servers behind it and I want to get the real client IP on the web servers, but the Tomcat logs only show the HAProxy IP address. Thanks in advance.
haproxy.cfg
global
    stats socket /var/run/api.sock user haproxy group haproxy mode 660 level admin expose-fd listeners
    log 127.0.0.1 local2 notice
    log 127.0.0.1 local3

defaults
    log global
    mode tcp
    option tcplog
    retries 3
    option redispatch
    maxconn 1000000
    timeout connect 5s
    timeout client 60s
    timeout server 60s

listen haproxy-stats
    bind *:1936
    mode http
    stats enable
    stats hide-version
    stats refresh 7s
    stats uri /haproxy?stats
    stats realm Haproxy\ Statistics
    stats auth myhaproxy:My3h0HA123456

listen WebServer-80
    bind *:80
    mode tcp
    option tcplog
    log /dev/log local0 debug
    balance leastconn
    server portal2-w2 172.16.1.95:80 check inter 5s rise 2 fall 3
    server portal2-w3 172.16.1.96:80 check inter 5s rise 2 fall 3
    server portal2-w4 172.16.1.97:80 check inter 5s rise 2 fall 3

listen WebServer-443
    bind *:443
    mode tcp
    option tcplog
    log /dev/log local0 debug
    balance leastconn
    server portal2-w1 172.16.1.95:443 check inter 5s rise 2 fall 3
    server portal2-w2 172.16.1.96:443 check inter 5s rise 2 fall 3
    server portal2-w3 172.16.1.97:443 check inter 5s rise 2 fall 3
In Tomcat I added these configs to server.xml; in this configuration "internalProxies" is my HAProxy server.
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" internalProxies="172.16.1.45" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="tomcat_access_log" suffix=".log" pattern="%t %{X-AUSERNAME}o %{User-Agent}i %a %m %r %b %s %D %I %{x-forwarded-for}i" />
I'm using haproxy Load Balancing for my tomcat web servers, and I can see my load balancer's IP address in the web server access logs. I want to capture client IP addresses instead.
CodePudding user response:
You can use the well-known HTTP header "X-Forwarded-For", which may be added by HAProxy to all requests sent to the server. This header contains a value representing the client's IP address.
CodePudding user response:
My company forces me to run this scenario in tcp mode for security reasons.
CodePudding user response:
I want to do it in tcp mode not in http.
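Added example, not part of the thread or of Tomcat's code: a simplified Python model of how the RemoteIpValve from the question chooses the remote address, using the page's internalProxies value. It shows why a tcp-mode listener, which relays bytes without adding an X-Forwarded-For header, leaves only the HAProxy address visible. The function name and the client addresses are constructed for illustration.

```python
import re

# internalProxies value from the question's server.xml. Tomcat treats it as a
# regular expression matched against the whole address (dots unescaped, as posted).
INTERNAL_PROXIES = re.compile(r"172.16.1.45")


def resolve_remote_addr(peer_addr, xff_values, internal=INTERNAL_PROXIES):
    """Simplified model of RemoteIpValve with only internalProxies set.

    peer_addr  -- source address of the TCP connection Tomcat accepted
    xff_values -- list of X-Forwarded-For header values (empty if absent)
    """
    # The header is trusted only when the direct peer is a known proxy;
    # otherwise any client could spoof its own logged address.
    if not internal.fullmatch(peer_addr):
        return peer_addr

    hops = [h.strip() for v in xff_values for h in v.split(",") if h.strip()]

    # Walk right to left: the rightmost entries were appended by the nearest
    # proxies. Stop at the first address that is not an internal proxy.
    remote = None
    for hop in reversed(hops):
        remote = hop
        if not internal.fullmatch(hop):
            break

    # No header at all (the tcp-mode case): the peer address is kept.
    return remote if remote is not None else peer_addr


if __name__ == "__main__":
    # Constructed sample requests; 203.0.113.7 stands in for a real client.
    cases = [
        ("tcp mode, no header", "172.16.1.45", []),
        ("header added by proxy", "172.16.1.45", ["203.0.113.7"]),
        ("client-supplied entry first", "172.16.1.45", ["10.9.9.9, 203.0.113.7"]),
        ("untrusted direct peer", "198.51.100.20", ["203.0.113.7"]),
    ]
    for label, peer, xff in cases:
        print(f"{label:28} -> {resolve_remote_addr(peer, xff)}")
```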