Troubleshooting Digital experience monitoring (DEM) geolocation failure
Sometimes you might not get the correct geolocation information. To troubleshoot this problem, follow the procedure.
Only the IP address of the HAProxy can be captured, instead of the IP addresses of real client hosts. As a result, the geolocation information can't be retrieved correctly.
Some private cloud platforms have an HAProxy in front of OCP cluster. The
source.ip is the IP of the kube-proxy, not the the source IP of the real client host. In this case, DEM can't detect the correct geolocation information.
Solution for HTTP protocol
If the geolocation information can't be retrieved correctly for HTTP, follow the steps.
X-Forwarded-For is used in the header to capture client IP addresses to enrich geolocation information. You need to turn on the option
forwardfor, and ensure
mode http is used for ingress-http in the file
option forwardforare set in the
defaultssection as follows.
global log 127.0.0.1 local2 chroot /var/lib/haproxy ... ... defaults mode http log global option httplog option dontlognull option http-server-close option forwardfor except 127.0.0.0/8 ... ...
Ensure both frontend and backend ingress-http use
mode httpas follows. By default, it's
frontend ingress-http bind *:80 default_backend ingress-http mode http option tcplog backend ingress-http balance source mode http server worker0 10.16.18.53:80 check server worker1 10.16.18.54:80 check server worker2 10.16.18.107:80 check
Restart HAProxy to take effect.
Ensure that HAProxy is restarted successfully.
Then, you can get correct client IP addresses from
Solution for HTTPS protocol
If the geolocation information can't be retrieved correctly for HTTPS, you need to check whether both HAProxy and OpenShift are configured to support Proxy Protocol. For more information, see Proxy Protocol and Configuring the HAProxy Router to Use the PROXY Protocol.
If you need help for configuring OpenShift to support HAProxy, you can engage OpenShift support.