This article describes how to configure HAProxy and ejabberd together. If you are using a proxy in front of ejabberd, the support for proxy protocol is a new feature allowing the XMPP server to know the real IP addresses of the connecting client instead of seeing just the IP used by the proxy server.
By using this feature, ejabberd will show the real IP addresses in logs and you will be able to use access control rules that rely on these IP addresses.
We assume you already have HAProxy and ejabberd installed. To enable proxy protocol, start with editing HAProxy configuration. We need to add
frontend c2s mode tcp bind *:5222 default_backend c2s_backend backend c2s_backend mode tcp server l 126.96.36.199:5225 send-proxy-v2 # <- This is place where we need to add that flag
Next, in ejabberd configuration, we need to add
use_proxy_protocol: true option in corresponding
listen: - port: 5225 module: ejabberd_c2s use_proxy_protocol: true # <- Important part ...
It’s important to note the ejabberd listener that has this option enabled will reject all connections that don’t have proxy protocol data sent before the real traffic. Don’t enable this option unless you are using a proxy that is generating it!