Troubleshooting Digital experience monitoring (DEM) geolocation failure

Sometimes you might not get the correct geolocation information. To troubleshoot this problem, follow the procedure.


Only the IP address of the HAProxy can be captured, instead of the IP addresses of real client hosts. As a result, the geolocation information can't be retrieved correctly.

Root cause

Some private cloud platforms have an HAProxy in front of OCP cluster. The source.ip is the IP of the kube-proxy, not the the source IP of the real client host. In this case, DEM can't detect the correct geolocation information.

Solution for HTTP protocol

If the geolocation information can't be retrieved correctly for HTTP, follow the steps.

X-Forwarded-For is used in the header to capture client IP addresses to enrich geolocation information. You need to turn on the option forwardfor, and ensure mode http is used for ingress-http in the file /etc/haproxy/haproxy.cfg.

  1. Ensure option forwardfor are set in the defaults section as follows.

         log local2
         chroot      /var/lib/haproxy
         ... ...
         mode                    http
         log                     global
         option                  httplog
         option                  dontlognull
         option http-server-close
         option forwardfor       except
         ... ...
  2. Ensure both frontend and backend ingress-http use mode http as follows. By default, it's mode tcp.

     frontend ingress-http
         bind *:80
         default_backend ingress-http
         mode http
         option tcplog
     backend ingress-http
         balance source
         mode http
         server worker0 check
         server worker1 check
         server worker2 check
  3. Restart HAProxy to take effect.

  4. Ensure that HAProxy is restarted successfully.

Then, you can get correct client IP addresses from X-Forwarded-For.

Solution for HTTPS protocol

If the geolocation information can't be retrieved correctly for HTTPS, you need to check whether both HAProxy and OpenShift are configured to support Proxy Protocol. For more information, see Proxy Protocol and Configuring the HAProxy Router to Use the PROXY Protocol.

If you need help for configuring OpenShift to support HAProxy, you can engage OpenShift support.