I am using haproxy as a reverse proxy inside a docker container on a Synology NAS. I’m using the official haproxy image, v1.5.14. Depending on the URL, haproxy forwards the connection to web services hosted by the same NAS. This works pretty well.
The NAS has a “blocking IP” feature, which allows to block certain IP trying to connect too often to certain backends. The problem is, the original client IP is lost between the container and the backend. For haproxy (inside its container), the client IP seems to be the docker bridge IP, and not the actuel client IP. As a consequence, the docker bridge is sometimes blocked, since everyone trying to connect to the backends appear with the same docker bridge IP.
Is there any way to avoid this, i.e. to propagate the original client IP to the backend, so as to allow the system to block the correct IP?
FYI, the docker version used by Synology is pretty old:
root:~ # docker -v Docker version 1.6.2, build a263667
Thank you very much for your help.