0

My setup :-

INPUT_TRAFFIC(HTTPS) --> HAPROXY ----> MULTIPLE_APP_SERVER (APACHE)

I am having a Haproxy server attached with multiple app server, which are basically Apache server. I am getting https request on Haproxy, which got decrypted at APP(Apache) server. I am getting logs on haproxy server and also on apache server. I want to exactly relate the logs of apache and haproxy server.

Sample Logs on Haproxy server :- 10.121.10.134:45558-[21/Nov/2016:10:08:01.579]-DEV-FRONTEND~-dev-backend-servers/10.140.19.197-[0/3/251]-180----0/0/0/0/0-0/0

Now this request went to one of my backend app server. But as backend app server getting many request, I am not sure how to relate.

My income request is having a header which has some uuid. If incoming request was http, then I could have mapped them. But, Incase of https, I can not extract header, So what else is possible ?

  • I don't want to decrypt and encrypt data at HAProxy.
Nitin Agarwal
  • 9
  • 4

1 Answers1

0

I suppose that question is dictated by the need to match a record in the Apache log with client IP.

Perhaps the best solution is to use one of HAProxy architectures, allowing you to view real client IP on the application server:

UPD. When you use one of these architectures you can sopostovlyat entries in the logs based on timestamp, client IP and the source port.

Slipeer
  • 3,255
  • 2
  • 18
  • 32
  • Hi, getting client ip at Apache is not required. Actually this is to get "ResponseTIme" of request from Haproxy. – Nitin Agarwal Nov 21 '16 at 11:13
  • But when you use one of these architectures you can sopostovlyat entries in the logs based on timestamp, client IP and the source port. – Slipeer Nov 21 '16 at 11:31
  • @Slipeer I do not believe *sopostovlyat* is an English word. Google translate seems to detect it as Russian but does not translate it to English successfully. Can you provide another word to help us understand your intended meaning, please? – Michael - sqlbot Nov 22 '16 at 03:45
  • Suppose if one client making multiple request, so many request will have same ip and source port. Timestamp will be different on HA Nodes and App Server nodes. So, How we can exactly relate ? – Nitin Agarwal Nov 22 '16 at 05:17
  • @Michael Excuse my English. *sopostovlyat* = *associate* – Slipeer Nov 22 '16 at 05:43
  • @NitinAgarwal I'm afraid there is no other possibility. Perhaps it would be to append an additional request header with the some request identifier, but in the configuration variables (http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3) do not have anything like the request-id – Slipeer Nov 22 '16 at 05:57
  • @slipper : Request is getting decrypted only at APP Server. So can we append any header in a https request at Haproxy ? – Nitin Agarwal Nov 22 '16 at 06:34
  • @NitinAgarwal, it slipped from my mind. Then really there is only a assotiation on the source IP address and port. There where a lot of requests come in one tsp connection - there will be problems with the assotiation. – Slipeer Nov 22 '16 at 06:38