We are busy with setting up HAProxy. Almost everything is working, except setting it up without multiple sites with different acl's.
What we want:
Using HAProxy with multiple sites, all on the same IP, all with the same backends but with different IP Blockings/Username-Password protection.
What we have working:
Get incoming traffic to backend (with an acl to use https instead of http).
The situation without haproxy/varnish:
Now, we are using apache to handle the acl (allow,deny ip's and use username-password protection).
We tried to capture this through X-Forwarded-For inside apache. However, the web servers themselves can no longer communicate with each other. We had to remove the allow role for the subnet (loadbalancer and webserver are in the same subnet). With this allow, apache don't look at the x-forward-header, and will allow all traffic. Without it, the webservers cannot communicate with each other.
Does anyone have an example or mindset for us to get there?
Now: internet->firewall->apache
What we want: internet->firewall->haproxy(ssl offloading)->varnish->apache (haproxy and varnish running on the same machine)