Description
Hi,
proxy_protocol_networks does not seem to work properly in my setup. I have one working setup, and one non-working setup. The setups are equal, except hostnames and IP-addresses.
Working setup:
- db-demo-01 (172.20.20.61)
- db-demo-02 (172.20.20.62)
- db-demo-02 (172.20.20.62)
- db-demo-ha01 (172.20.20.28)
- db-demo-ha02 (172.20.20.29)
Non-working setup:
- db-prod-01 (172.20.20.71)
- db-prod-02 (172.20.20.72)
- db-prod-02 (172.20.20.72)
- db-prod-ha01 (172.20.20.38)
- db-prod-ha02 (172.20.20.39)
All hosts are running Ubuntu 18.04.2 LTS. All within the same subnet (172.20.20.0/24). All ha*-nodes are running haproxy. The non-ha-nodes are running MariaDB Galera cluster.
I have the following in my.cnf on all MariaDB nodes:
proxy_protocol_networks=::1, 127.0.0.1, localhost, 172.20.20.0/24
A snippet of the haproxy.cfg:
server db-demo-01 db-demo-01.example.com:3306 check send-proxy-v2
The Proxy Protocol works as expected on the 'demo' cluster. However, on the 'prod' cluster, having the exact same configuration (including the proxy_protocol_networks config above), haproxy cannot connect, complaining as follows:
Server mysql_cluster/db-prod-01 is DOWN, reason: Layer7 wrong status, code: 0, info: "#HY000Proxy header is not accepted from 172.20.20.38", check duration: 0ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
That IP is within the 172.20.20.0/24 range specified. If I explicitly list the IP (without CIDR notation) in the config, it works as expected:
proxy_protocol_networks=::1, 127.0.0.1, localhost, 172.20.20.0/24, 172.20.20.38, 172.20.20.39
The order of the 172.20.20.0/24 does not matter (i.e. it's not because it was bad parsing due to being the last entry in the list, or similar).
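
A reference check for the list in this report, as an added example that is not part of the original report and is not MariaDB's own parser: it evaluates the reported proxy_protocol_networks value with Python's ipaddress module and lists which entries cover each haproxy address. The function names and the treatment of `localhost` as a non-network token are assumptions of this sketch.

```python
import ipaddress

# Value copied from the my.cnf line in the report.
REPORTED_VALUE = "::1, 127.0.0.1, localhost, 172.20.20.0/24"


def parse_networks(value):
    """Split a proxy_protocol_networks-style list into (token, network) pairs.

    Tokens that are not addresses or CIDR blocks (here "localhost") are kept
    with network=None; how the server treats them is outside this sketch.
    """
    entries = []
    for token in (t.strip() for t in value.split(",")):
        if not token:
            continue
        try:
            # strict=False tolerates host bits being set, e.g. 172.20.20.38/24
            entries.append((token, ipaddress.ip_network(token, strict=False)))
        except ValueError:
            entries.append((token, None))
    return entries


def normalize(peer):
    """Parse a peer address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def matching_entries(value, peer):
    """Return the list entries whose network contains the peer address."""
    addr = normalize(peer)
    return [token for token, net in parse_networks(value)
            if net is not None and net.version == addr.version and addr in net]


if __name__ == "__main__":
    # The two accepted haproxy nodes, the two rejected ones, the rejected
    # address in IPv4-mapped form, and one constructed out-of-range address.
    for peer in ("172.20.20.28", "172.20.20.29", "172.20.20.38",
                 "172.20.20.39", "::ffff:172.20.20.38", "172.20.21.38"):
        hits = matching_entries(REPORTED_VALUE, peer)
        print(f"{peer:22} -> {hits if hits else 'no entry matches'}")
```

By standard CIDR matching, 172.20.20.28 and 172.20.20.38 are both covered by the same 172.20.20.0/24 entry, so the configured list alone does not distinguish the working cluster from the non-working one.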