First, follow this guide and determine what is needed beyond the scope of Lawrence Systems’ tutorial.
Notes:
- Some HAProxy settings take effect as soon as you hit save and apply; others don’t. If you run into issues such as SSL not offloading, or error 400 – bad port (the server was expecting 443 and received 80), reboot the pfSense firewall when it is most appropriate. All of your settings may be correct, but a reboot finalizes applying them.
Retain Remote IP of client
This is useful when you need to pass the client’s public IP through to the server for logging, security, or other access requirements. Otherwise, HAProxy will pass the pfSense LAN IP (example: 192.168.1.1) as the client’s.
This is set in each server’s backend in HAProxy, not in the frontend.
Under a server backend, go to the bottom and expand Advanced, then enter the line below in Backend pass thru:
option forwardfor
Hit save and apply.
Then update the Apache2 server: enable a module with a command, then edit the config file.
Log into the server as root and do the following.
a2enmod remoteip
Then restart the Apache2 service:
systemctl restart apache2
Make two changes to the Apache2 config. Using the text editor nano:
nano /etc/apache2/apache2.conf
Look for the line below and change the %h to %a
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
It should look like this:
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
Then scroll to the bottom of the config file and add:
# HaProxy Forward for Enable
RemoteIPHeader X-Forwarded-For
Restart the service again, then test your app to see if client IPs are being passed through.
systemctl restart apache2
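A quick check of the finished config, as an added example (not from the original guide): it confirms the two edits above and also flags a missing RemoteIPInternalProxy line, the mod_remoteip directive that limits which peers Apache accepts X-Forwarded-For from. The sample configs are constructed, and pinning to 192.168.1.1 assumes HAProxy reaches the server from the pfSense LAN IP used as the example above.

```shell
#!/bin/sh
# Added example: audit an Apache config (read from stdin) for this guide's settings.
# Returns the number of failed checks (0 = all good).
audit_remoteip() {
    fails=0
    # Trim indentation and drop comment lines so disabled directives don't count.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d')

    # 1. mod_remoteip must read the header that HAProxy's "option forwardfor" adds.
    if ! printf '%s\n' "$active" | grep -Eiq '^RemoteIPHeader[[:space:]]+X-Forwarded-For[[:space:]]*$'; then
        echo "FAIL: RemoteIPHeader X-Forwarded-For is not set"
        fails=$((fails + 1))
    fi
    # 2. Without a proxy list, nothing limits which peers may supply the header.
    if ! printf '%s\n' "$active" | grep -Eiq '^RemoteIP(Internal|Trusted)Proxy[[:space:]]+[^[:space:]]'; then
        echo "FAIL: no RemoteIPInternalProxy/RemoteIPTrustedProxy line"
        fails=$((fails + 1))
    fi
    # 3. The combined log format must start with %a (client address), not %h.
    if ! printf '%s\n' "$active" | grep -Eq '^LogFormat[[:space:]]+"%a[[:space:]].*"[[:space:]]+combined[[:space:]]*$'; then
        echo "FAIL: combined LogFormat does not log %a"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: the relevant lines exactly as this guide leaves them.
guide_conf() {
    cat <<'EOF'
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
# HaProxy Forward for Enable
RemoteIPHeader X-Forwarded-For
EOF
}

# Constructed sample: same lines, pinned to the proxy (assumed to be 192.168.1.1).
pinned_conf() {
    guide_conf
    echo "RemoteIPInternalProxy 192.168.1.1"
}

guide_conf | audit_remoteip || true      # reports the missing proxy pin
pinned_conf | audit_remoteip && echo "OK: all checks pass"
```

To check a live server, run `audit_remoteip < /etc/apache2/apache2.conf` after sourcing the function.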