Posted by Andrei Grigoraş

Transparent mode with HAProxy allows you to see the IP address of the client's computer while still having a high availability service using HAProxy.

This post shows how to set it up on a fresh minimal installation of CentOS 6.3 64-bit.

This guide works on the assumption that you have a public facing IP Address of (I know that's not a real public address) and are using an internal network address space of 10.10.10.x/24 with our two web servers on and So we will have two network interfaces on our LoadBalancer: eth0 will be set with our real world IP of and eth1 will be set up with

After installing our basic CentOS 6.3 64-bit OS, it may be worth running a ‘yum update’ command first to ensure that the system is fully updated.

As this is a minimum installation you will also need to install a few other packages. These can be installed with the following command:

yum install make wget gcc pcre-static pcre-devel

I’m using the HAProxy 1.5 dev7 build for this example but at the time of writing dev12 is the latest available build and I’ll assume that the following will also work with that Development Release. However, to get all the features that we require we will need to build HAProxy from source and not from the package repository. The following steps enable us to do just that:

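tar -zxf haproxy-1.5-dev7.tar.gz
cd haproxy-1.5-dev7
# USE_LINUX_TPROXY=1 is required for the 'usesrc clientip' setting used later
make TARGET=linux26 USE_STATIC_PCRE=1 USE_LINUX_TPROXY=1
cp haproxy /usr/bin/haproxy
cp examples/haproxy.cfg /etc/haproxy.cfg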

The installation is now complete. However, we only have an example configuration file installed at ‘/etc/haproxy.cfg’. This is the file that will store all of the settings that we require to ensure our website is available for the maximum number of visitors, so we now need to edit it. I’m going to use ‘vim’, but if you are more familiar with ‘nano’, ‘ee’ or another editor, please use that.

vim /etc/haproxy.cfg

Have a quick look through the file if you wish to see the basic structure of the configuration file. We are going to create a VERY basic config to start with, just to make sure that our installation is working.

# process-wide settings
global
    log /dev/log local4
    maxconn 40000
    ulimit-n 81000

# settings inherited by every proxy section below
defaults
    log global
    contimeout 4000
    clitimeout 42000
    srvtimeout 43000

# the load-balanced web service
listen http1
    mode http
    balance roundrobin
    server http1_1 cookie http1_1 check inter 2000 rise 2 fall 3
    server http1_2 cookie http1_2 check inter 2000 rise 2 fall 3

Save the above configuration file and then to start the HAProxy service use the following command from the command line:

/usr/bin/haproxy -f /etc/haproxy.cfg

If everything starts correctly you should be able to browse to your real IP address using a different computer and see your default page. As mine are just two Debian Web Servers, I get the following:

If you see the above image or the page for your servers, congratulations: your two web servers are now in High Availability mode. If you do not see your default page, stop HAProxy with a killall haproxy command and run /usr/bin/haproxy -d -f /etc/haproxy.cfg. This will restart HAProxy with debugging displayed on the console screen. To stop the debug info being printed and the HAProxy service, simply press Ctrl+C.

Now that the basic High Availability is working, let's move to Transparent mode.

So with the HAProxy service stopped, open your /etc/haproxy.cfg file again with your editor of choice and in the ‘listen http1’ section add the following:

    option http-server-close
    option forwardfor
    # connect to the web servers using the client's own address as the source
    source 0.0.0.0 usesrc clientip

You will now need to edit your iptables rules. I have this as my ‘’ file:

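# mark packets that belong to a local (transparent) socket
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 111
iptables -t mangle -A DIVERT -j ACCEPT
# deliver marked packets to the local stack instead of forwarding them
ip rule add fwmark 111 lookup 100
ip route add local 0.0.0.0/0 dev lo table 100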

If you now run this file, start HAProxy with the modified configuration and retest your web server on the real IP address, you should be able to see in the HTTP access logs that the address your site was visited from is not that of the LoadBalancer.
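
One way to confirm that the rules above are all in place before testing through the load balancer, as an added example that is not part of the original post: each function checks the text printed by `iptables-save -t mangle`, `ip rule show` or `ip route show table 100`. The function names and the sample output are constructed for illustration; the sample assumes that iptables-save prints mark 111 in hexadecimal (0x6f).

```shell
# Added example: check the marking and policy-routing state created above.
MARK=111    # fwmark set in the DIVERT chain on this page
TABLE=100   # routing table that marked packets are looked up in

# True if $1 ("0x6f", "111" or "0x6f/0xffffffff") equals MARK.
is_mark() {
    v=${1%%/*}
    case $v in 0x[0-9a-fA-F]*|[1-9]*) ;; *) return 1 ;; esac
    [ "$(($v))" -eq "$MARK" ]
}

# $1 = output of: iptables-save -t mangle
check_mangle() {
    m=$(printf '%s\n' "$1" | awk '
        /^-A PREROUTING .*-m socket .*-j DIVERT/ { div = 1 }
        /^-A DIVERT .*-j MARK / && !acc {   # a MARK after ACCEPT never runs
            for (i = 1; i < NF; i++)
                if ($i ~ /^--set-x?mark$/) { split($(i + 1), v, "/"); mark = v[1] }
        }
        /^-A DIVERT .*-j ACCEPT/ { acc = 1 }
        END { if (div && acc) print mark }')
    is_mark "$m"
}

# $1 = output of: ip rule show
check_rule() {
    m=$(printf '%s\n' "$1" | awk -v t="$TABLE" '
        { f = ""
          for (i = 1; i < NF; i++) {
              if ($i == "fwmark") f = $(i + 1)
              if ($i == "lookup" && $(i + 1) == t && f != "") hit = f
          } }
        END { print hit }')
    is_mark "$m"
}

# $1 = output of: ip route show table 100
check_route() {
    printf '%s\n' "$1" | grep -Eq '^local (default|0\.0\.0\.0/0) dev lo( |$)'
}

# Constructed sample output (not captured from a real host).
SAMPLE_MANGLE='-A PREROUTING -p tcp -m socket -j DIVERT
-A DIVERT -j MARK --set-xmark 0x6f/0xffffffff
-A DIVERT -j ACCEPT'
SAMPLE_RULE='32765: from all fwmark 0x6f lookup 100'
SAMPLE_ROUTE='local default dev lo scope host'
check_mangle "$SAMPLE_MANGLE" && check_rule "$SAMPLE_RULE" &&
    check_route "$SAMPLE_ROUTE" && echo "transparent-mode plumbing complete"
```

On the load balancer itself, pass the live command output instead of the samples, for example `check_rule "$(ip rule show)"`.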

2016/01/13 00:58