I am trying to reverse proxy clients to a web server through HAProxy and Nginx with SSL traffic using SNI. With the standard configuration, the web server sees the HAProxy IP and connects. When applying "send-proxy" to the appropriate backend in HAproxy my client browser fails to connect and times out. How can I configure Nginx headers to decipher this and the web server know their IP?


Solution 1:

See NGINX's docs:

http {
    #...
    server {
        listen 80   proxy_protocol;
        listen 443  ssl proxy_protocol;
        #...
    }
}

This allows NGINX to be downstream from an HAProxy transmitting proxy protocol. The link I quoted contains more information on how to log/get the client's IP address.