[openstack][octavia] transparent

Michael Johnson johnsomor at gmail.com
Fri Jul 17 17:17:46 UTC 2020


Hi Ignazio,

Currently the amphora driver does not support passing the client
source IP directly to the backend member server.

However, there are a few ways to accomplish this using the amphora driver:
1. Use the proxy protocol for the pool.
2. Terminate the HTTPS on the load balancer and add the X-Forwarded-For header.

To use the PROXY protocol you would set up the load balancer like this:
1. Create the load balancer.
2. Create the listener using HTTPS pass through, so either the "HTTPS"
or "TCP" protocol.
3. Create the pool using the "PROXY" protocol option.
4. Add your members and health manager as you normally do.

Then, on the web servers enable PROXY protocol.
On Apache this is via the mod_remoteip module and the
RemoteIPProxyProtocol directive. See:
https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipproxyprotocol
On nginx it is enabled with the "proxy_protocol" directive. See:
https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/

Pretty much every web server has support for it.

Michael

On Fri, Jul 17, 2020 at 10:01 AM Ignazio Cassano
<ignaziocassano at gmail.com> wrote:
>
> Hello all, I have some end users who want to receive on their load balanced web servers the client IP address for ACL.
> They also want the HTTPS connection to be terminated on the web servers and not on the load balancer.
> Can I solve this with Octavia?
> I read haproxy can act as transparent only when it is the default router of backends.
> In our use case the default router is not the load balancer.
> Any help, please?
> Ignazio
>
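
What a backend sees with the PROXY pool option described above, as an added example that is not part of the original message or of Octavia: a parser for the PROXY protocol version 1 text header that only honours it when the TCP peer is the load balancer, then applies a client-IP ACL. The subnet, addresses and function names are constructed assumptions, and the pool is assumed to send the version 1 header.

```python
import ipaddress

MAX_V1_HEADER = 107  # longest v1 header, CRLF included, per the PROXY protocol spec

def parse_proxy_v1(data, peer_ip, trusted_lbs):
    """Return (client_ip, client_port, payload) from the first bytes of a connection.

    peer_ip is the TCP peer (the load balancer); trusted_lbs lists the networks
    allowed to send a PROXY header (assumed here to be the amphora subnet).
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(net) for net in trusted_lbs):
        # A header from any other peer is attacker-controlled input: reject it,
        # otherwise the client-IP ACL can be bypassed with a forged address.
        raise PermissionError("PROXY header from untrusted peer " + peer_ip)
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]          # for HTTPS pass-through: the TLS ClientHello
    if fields[1] == "UNKNOWN":        # sender had no client address to report
        return peer_ip, None, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    version = 4 if fields[1] == "TCP4" else 6
    sport, dport = int(fields[4]), int(fields[5])
    if src.version != version or dst.version != version:
        raise ValueError("address family mismatch")
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return str(src), sport, payload

def client_allowed(client_ip, acl_networks):
    """Apply the backend's ACL to the address recovered from the header."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in acl_networks)

# Constructed sample: header followed by the first bytes of a TLS record.
SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.0.20 51234 443\r\n\x16\x03\x01"
TRUSTED = ["10.0.0.0/24"]             # assumed load balancer subnet
ACL = ["203.0.113.0/24"]              # assumed client allow-list

if __name__ == "__main__":
    ip, port, payload = parse_proxy_v1(SAMPLE, "10.0.0.5", TRUSTED)
    print(ip, port, client_allowed(ip, ACL), payload)
```

The same trust restriction applies when Apache or nginx does the parsing: accept the PROXY header only on a listener that the load balancer alone can reach.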


