HAProxy负载均衡及IP透传功能测试 源地址保持 原地址四层七层保持 - LVS才是标准四层负载均衡！不涉及端口！只转发IP！！！

七层IP透传测试

原理同nginx通过配置将客户端ip添加到 xforwordefor 请求头中，具体如下：

global
    log    127.0.0.1 local3 info  
    chroot  /usr/local/haproxy
    pidfile  /var/run/haproxy.pid 
    maxconn  65530               
    user   haproxy
    group   haproxy
    daemon                      
defaults
    log     global     
    log     127.0.0.1 local3 info 
    mode    http     
    option  httplog    
    option  dontlognull  
    option  httpclose
#    option  forwardfor
    retries   3  
    maxconn 65530              
    timeout http-request    10s
    timeout queue           1m
    timeout connect         60s  
    timeout client          2m   
    timeout server          2m   
    timeout http-keep-alive 10s
    timeout check           10s

frontend frontend_http
    bind *:80
    option tcplog
    option forwardfor
    mode http
    default_backend backend_http
backend backend_http
    mode http
    balance roundrobin
    server emqx_node_1 192.168.47.11:8080 check
    server emqx_node_2 192.168.47.12:8080 check

frontend frontend_https
    bind *:443
    option tcplog
    mode tcp
    default_backend backend_https
backend backend_https
    mode tcp
    balance roundrobin
    server emqx_node_3 192.168.47.11:8443 check
    server emqx_node_4 192.168.47.12:8443 check
listen haproxy_status
    bind *:9800
    mode http
    option httplog
    maxconn 200
    stats refresh 120s
    log 127.0.0.1 local0 err
    stats uri /haproxy-status
    stats realm welcome login\haproxy
    stats auth admin:123456
    stats hide-version
    stats admin if TRUE

# 测试 针对 http 的请求 增加了 option forwardfor 支持 forwardfor 发现 客户端ip被添加到了 xforwardfor 请求头中

# 四层  

IP透传测试

haproxy四层透传ip实现方式 是通过支持proxy-protocal 协议来实现，拿到四层流量后将客户端ip信息写入到数据包中，后端服务也必须支持proxy-protocal ，否则会报错。测试如下：
haproxy 配置如下：

global
    log    127.0.0.1 local3 info  
    chroot  /usr/local/haproxy
    pidfile  /var/run/haproxy.pid 
    maxconn  65530               
    user   haproxy
    group   haproxy
    daemon                      
defaults
    log     global     
    log     127.0.0.1 local3 info 
    mode    http     
    option  httplog    
    option  dontlognull  
    option  httpclose
#    option  forwardfor
    retries   3  
    maxconn 65530              
    timeout http-request    10s
    timeout queue           1m
    timeout connect         60s  
    timeout client          2m   
    timeout server          2m   
    timeout http-keep-alive 10s
    timeout check           10s

frontend frontend_http
    bind *:80
    option tcplog
    option forwardfor   
    mode http
    default_backend backend_http
backend backend_http
    mode http
    balance roundrobin
    server emqx_node_1 192.168.47.11:8080 check
    server emqx_node_2 192.168.47.12:8080 check

frontend frontend_https
    bind *:443
    option tcplog
    mode tcp
    default_backend backend_https
backend backend_https
    mode tcp
    balance roundrobin
   # server emqx_node_3 192.168.47.11:8443 send-proxy  check
   #server emqx_node_4 192.168.47.12:8443  check 
   server emqx_node_5 192.168.47.10:808 send-proxy check    --四层在代理服务器后 增加 send-proxy 配置 

listen haproxy_status
    bind *:9800
    mode http
    option httplog
    maxconn 200
    stats refresh 120s
    log 127.0.0.1 local0 err
    stats uri /haproxy-status
    stats realm welcome login\haproxy
    stats auth admin:123456
    stats hide-version
    stats admin if TRUE

重新启动haproxy 服务

# 可以看到请求头中

# 备注 ：

nginx 支持 proxy_protocal，因此后端服务器我们使用nginx,tomcat 不支持 如果后端服务器是tomcat 那么代理会不成功，tomcat读取请求包会报错。
nginx 安装 需要带有 realip等模块如下：–nginx版本 1.20
————————————————

原文链接：https://blog.csdn.net/zhangxm_qz/article/details/124117546