[openstack][octavia] transparent

Ignazio Cassano ignaziocassano at gmail.com
Fri Jul 17 18:20:10 UTC 2020


Hello Michael, I forgot to ask if the configuration you suggested can
support ACLs for the clients' IP addresses.
Ignazio

On Fri, 17 Jul 2020, 19:17 Michael Johnson <johnsomor at gmail.com> wrote:

> Hi Ignazio,
>
> Currently the amphora driver does not support passing the client
> source IP directly to the backend member server.
>
> However there are a few ways to accomplish this using the amphora driver:
> 1. Use the proxy protocol for the pool.
> 2. Terminate the HTTPS on the load balancer and add the X-Forwarded-For
> header.
>
> To use the PROXY protocol you would set up the load balancer like this:
> 1. Create the load balancer.
> 2. Create the listener using HTTPS pass through, so either the "HTTPS"
> or "TCP" protocol.
> 3. Create the pool using the "PROXY" protocol option.
> 4. Add your members and health manager as you normally do.
>
> Then, on the web servers enable PROXY protocol.
> On Apache this is via the mod_remoteip module and the
> RemoteIPProxyProtocol directive. See:
>
> https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html#remoteipproxyprotocol
> On nginx it is enabled with the "proxy_protocol" directive. See:
>
> https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/
>
> Pretty much every web server has support for it.
>
> Michael
>
> On Fri, Jul 17, 2020 at 10:01 AM Ignazio Cassano
> <ignaziocassano at gmail.com> wrote:
> >
> > Hello all, I have some end users who want to receive on their load
> > balanced web servers the client IP address for ACLs.
> > They also want the HTTPS connection to be terminated on the web servers
> > and not on the load balancer.
> > Can I solve this with Octavia?
> > I read haproxy can act as transparent only when it is the default router
> > of backends.
> > In our use case the default router is not the load balancer.
> > Any help, please?
> > Ignazio
> >
>
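
On the ACL question at the top of this message: with a PROXY pool the member server learns the client address only from the PROXY header, so an ACL on it holds only if that header is accepted solely from the load balancer. The following Python sketch is an added example, not code from the thread or from Octavia; it assumes the version 1 (text) PROXY header, and the amphora address and allow-list are constructed sample values.

```python
import ipaddress

# Assumptions (not from the thread): the amphora's address on the member
# network and the tenant's allow-list. All values are constructed samples.
TRUSTED_LB = {ipaddress.ip_address("10.0.0.5")}
ALLOWED_CLIENTS = [ipaddress.ip_network("203.0.113.0/24")]
MAX_V1_HEADER = 107  # longest valid v1 line, including CRLF, per the spec


def parse_proxy_v1(data: bytes):
    """Return (client_ip or None, remaining_bytes); raise ValueError if malformed."""
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]               # for an HTTPS pass-through listener: the TLS bytes
    if fields[1] == "UNKNOWN":          # sender could not state the client address
        return None, rest
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("bad PROXY v1 header")
    src, dst = ipaddress.ip_address(fields[2]), ipaddress.ip_address(fields[3])
    want = 4 if fields[1] == "TCP4" else 6
    if src.version != want or dst.version != want:
        raise ValueError("address family mismatch")
    for port in fields[4:6]:
        if not (port.isdigit() and 0 <= int(port) <= 65535):
            raise ValueError("bad port")
    return src, rest


def client_allowed(peer_ip: str, first_bytes: bytes) -> bool:
    """ACL decision for one new connection on a member server."""
    # The header is only meaningful when the TCP peer is the load balancer;
    # any other peer could write an arbitrary source address into it.
    if ipaddress.ip_address(peer_ip) not in TRUSTED_LB:
        return False
    try:
        client, _rest = parse_proxy_v1(first_bytes)
    except ValueError:                  # also covers non-ASCII header bytes
        return False
    return client is not None and any(client in net for net in ALLOWED_CLIENTS)
```

The same rule applies to the web server's own PROXY protocol support: restrict which peers may reach the PROXY-enabled port (for example with a security group that admits only the load balancer), otherwise the ACL evaluates an address the sender chose.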