Redirect web traffic to a specific port

This guide concerns redirecting web traffic to a specific port, including when using a dedicated IP and a specific web application (such as Node or Varnish, for example).

Prerequisites

• Install HAProxy on the Cloud Server

Redirect Web Traffic to a Specific Port

By default, on the Cloud Server, web traffic is sent to Apache. To route requests to a Node script or another service (provided it "listens" on a port between 4000 and 4009), you need to use HAProxy.

This applies especially to servers like Express, Socket.IO, Meteor.js, Nuxt.js, Django, Flask, Ruby on Rails, and even Java (J2E), etc.

To do this, ensure that the service listens on a port between 4000 and 4009 (typically with server.listen(4000) for Express or a basic Node HTTP server, but depending on the type of project, other means may be used, such as a configuration file, in the code, or elsewhere) and on all interfaces (0.0.0.0). It will also be necessary to configure HAProxy as shown in the example below: 

1. Log in to the Infomaniak Manager (manager.infomaniak.com) from a web browser like Brave or Edge
2. Click on the icon in the top right corner of the interface (or navigate through the left side menu, for example)
3. Select Cloud Server (under the Web & Domain universe)
4. Click directly on the name of the relevant object in the displayed table
5. Click on Fast installer in the left side menu
6. Click on the ⋮ icon to the right of HAProxy
7. Click on Configure
   
8. Enter the desired information:
   

Retrieving the Source IP of a Request

When you redirect web traffic to your web application, the request handling changes, and the request is first received by a local reverse proxy (on the server) that then forwards the request to the chosen port. Thus, due to the request forwarding, methods that typically retrieve the visitor's IP will return the IP of the reverse proxy instead of the visitor's.

Therefore, to retrieve the actual source IP of the visitor in these cases, you need to check an HTTP header named X-Forwarded-For, which will contain the accumulated source IPs from each redirection. This header will thus contain the original client IP address last, allowing you to identify the real visitor.

Attention: It is important to note that HTTP headers can be manipulated, presenting security risks. To minimize these risks, it is recommended to verify that the request indeed comes from a reliable server before trusting the content of the X-Forwarded-For header. This verification may involve ensuring that the request was forwarded by a trusted intermediate server, identified by a pre-established list of IP addresses. In the case where the site uses a dedicated IP, the trusted servers are:

• 83.166.133.15
• 83.166.133.17
• 83.166.133.16
• 84.16.92.5
• 84.16.92.43
• 10.2.32.255
• 10.2.34.164