Netgate Discussion Forum

    HAProxy + Ubuntu 18.04 + 2x WordPress Servers + 1x MySQL Server

    • crazybrain

      Hi, I've implemented a DMZ consisting of a frontend for webservers and a backend for the database. For the pre-production test I've configured HAProxy with the following configuration environment:

      • Internal VIP address of 10.1.1.50 (go-live will be WAN IP)
      • Internal DNS A record www.domain.com -> 10.1.1.50
      • Webservers address 10.1.1.11 and 10.1.1.12
      • Database server address 10.1.2.10 (only allow webservers access to DB)
      • Private Frontend using VIP address 10.1.1.50
      • Private Backend -> Webservers (WordPress on Apache2)
      • GlusterFS syncs the WordPress content directory (works awesomely)

      The load-balancing/reverse proxy works as expected and I've tested the redundancy; no issues. However, my problem is with HAProxy not passing the client IP address to the Apache logs, even with the "forwarded-for" box checked. I've searched Google and read several articles, but most reference older versions of Apache, and Apache2 has been rewritten...at least for Ubuntu 18.04.

      I know this doesn't seem to be a PF issue, but rather Apache2 log formatting. I just wanted to cover all bases, especially since the "Transparent Client IP" setting in HAProxy sounds like it creates a security risk and possibly much more, which I'm not willing to risk. If anyone can offer a little guidance on overcoming this issue or point me to a good article, I'd be more than grateful. I've been using Digital Ocean's articles, which have been quite possibly the best I've seen; except with this.

      • crazybrain

        Ok, I just got the Forwarded-For issue resolved. The log format change is in the /etc/apache2/apache2.conf file where I changed the following line:

         LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
         (%h to %a)
         LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
        

        Then I added these directives in the /etc/apache2/sites-available/mywebsite.conf file:

            RemoteIPHeader X-Forwarded-For
            RemoteIPInternalProxy 10.1.1.1
        

        I guess I'll have to add "RemoteIPTrustedProxy with WAN IP" when I go live.

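How `RemoteIPHeader` interacts with `RemoteIPInternalProxy` and `RemoteIPTrustedProxy`, as an added example that is not part of the original post and is not Apache's code: a simplified Python model of the behaviour the mod_remoteip documentation describes. The function names and every sample address except 10.1.1.1 are constructed; 192.0.2.1 stands in for the go-live WAN IP.

```python
import ipaddress

# Blocks the mod_remoteip documentation lists as never accepted from a
# RemoteIPTrustedProxy (IPv6 is accepted only inside 2000::/3).
INTRANET_V4 = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]
PUBLIC_V6 = ipaddress.ip_network("2000::/3")

def is_intranet(ip):
    if ip.version == 6:
        return ip not in PUBLIC_V6
    return any(ip in net for net in INTRANET_V4)

def resolve_client_ip(peer, xff, internal=(), trusted=()):
    """Return (client_ip, leftover_header) for one request.

    peer     -- address of the TCP connection Apache accepted
    xff      -- value of the header named by RemoteIPHeader
    internal -- RemoteIPInternalProxy entries; trusted -- RemoteIPTrustedProxy
    """
    proxies = [(ipaddress.ip_network(n), True) for n in internal]
    proxies += [(ipaddress.ip_network(n), False) for n in trusted]
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    current = ipaddress.ip_address(peer)
    internal_chain = True  # cleared for good once a non-internal proxy is crossed
    while hops:
        if proxies:  # with no proxy directives at all, every peer is believed
            flag = next((f for net, f in proxies if current in net), None)
            if flag is None:
                break  # sender is not a listed proxy: stop trusting the header
            internal_chain = internal_chain and flag
        try:
            candidate = ipaddress.ip_address(hops[-1])  # walk right to left
        except ValueError:
            break  # an unparsable entry is left in the header
        if not internal_chain and is_intranet(candidate):
            break  # a TrustedProxy may not vouch for a private address
        current = candidate
        hops.pop()
    return str(current), ", ".join(hops)

if __name__ == "__main__":
    # Constructed requests: via the listed proxy, then straight to Apache.
    print(resolve_client_ip("10.1.1.1", "198.51.100.9, 203.0.113.7", ["10.1.1.1"]))
    print(resolve_client_ip("10.1.1.99", "203.0.113.7", ["10.1.1.1"]))
```

The first call logs 203.0.113.7 and leaves the unverified 198.51.100.9 in the header; the second ignores the header because the sender is not the listed proxy.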
        • darkalien

          Hi Crazybrain,

          Might I ask how you got WordPress to work behind HAProxy? For some reason I am unable to log in when going through the HAProxy, but when I try to access the local IP address everything works.

          Made a new post about this: https://forum.netgate.com/topic/152756/haproxy-unable-to-login-on-wordpress-wp-admin-page

          Thanks in advance!
