This fork is here so that we still have access to the sources if the upstream is ever removed
This is an Apache module that implements the server side of HAProxy's Proxy Protocol.
Note: as of Apache 2.4.30 this code has been merged into
mod_remoteip,
with the ProxyProtocol
directive renamed to RemoteIPProxyProtocol
.
You'll need the apache development packages installed (typically something
like apache-devel
or apache2-dev
). Then simply running make
will
create the shared library in .libs/mod_proxy_protocol.so
; make install
will attempt to install it in your current apache installation (you'll
probably need to be root for this).
Add the following directive to your apache config to load the module
LoadModule proxy_protocol_module <path-to-module>/mod_proxy_protocol.so
or try running
apxs -a mod_proxy_protocol.c
For configuration details see the module docs
To properly secure Apache when using this on EC2 behind an ELB you'll probably want to do something like the following to ensure that only the ELB can provide the proxy protocol header while still being able to access the site directly (not via the ELB):
- In Apache create a copy of virtual host with a new port, and add the 'ProxyProtocol On' directive to this new virtual host.
- Add an entry to the security group for the server that only allows access
to this new port from the ELB (specify the source as
amazon-elb/amazon-elb-sg
) - Point the ELB listener at this new port (and of course enable the proxy protocol for that)
- Add access-control (see commented out
ProxyProtocolTrustedProxies
inmod_proxy_protocol.xml
) - Add support for outgoing connections (
mod_proxy
)