Hi,

proxy_protocol_networks does not seem to work properly in my setup. I have one working setup, and one non-working setup. The setups are equal, except hostnames and IP-addresses.

Working setup;

• db-demo-01 (172.20.20.61)
• db-demo-02 (172.20.20.62)
• db-demo-02 (172.20.20.62)
• db-demo-ha01 (172.20.20.28)
• db-demo-ha02 (172.20.20.29)

Non-working setup:

• db-prod-01 (172.20.20.71)
• db-prod-02 (172.20.20.72)
• db-prod-02 (172.20.20.72)
• db-prod-ha01 (172.20.20.38)
• db-prod-ha02 (172.20.20.39)

All hosts are running Ubuntu 18.04.2 LTS. All within the same subnet (172.20.20.0/24). All ha*-nodes are running haproxy. The non-ha-nodes are running MariaDB Galera cluster.

I have the following in my.cnf on all MariaDB nodes;

proxy_protocol_networks=::1, 127.0.0.1, localhost, 172.20.20.0/24

A snippet of the haproxy.cfg;

server db-demo-01 db-demo-01.example.com:3306  check send-proxy-v2

The Proxy Protocol works as expected on the 'demo' cluster. However, on the 'prod' cluster, having the exact same configuration (including the proxy_protocol_networks config above), haproxy cannot connect, complaining as following;

Server mysql_cluster/db-prod-01 is DOWN, reason: Layer7 wrong status, code: 0, info: "#HY000Proxy header is not accepted from 172.20.20.38", check duration: 0ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

That IP is within the 172.20.20.0/24 range specified. If I explicitly list the IP (without CIDR notation) in the config, it works as expected;

proxy_protocol_networks=::1, 127.0.0.1, localhost, 172.20.20.0/24, 172.20.20.38, 172.20.20.39

The order of the 172.20.20.0/24 does not matter (i.e. it's not because it was bad parsing due to being the last entry in the list, or similar).