What are the different modes for HA-IP?

HA-IP is a ‘highly-available’ IPv4 and IPv6 address that allows you to forward TCP traffic to a single BladeVPS. Besides the TCP mode, HA-IP also offers three other modes that can be used for forwarding traffic.

You can choose between the following modes:


TCP is the default mode. While active, all TCP traffic for a specific port will be forwarded via the HA-IP load balancers to the same port on the connected VPS. For this to work, it's important that you set up this port in the control panel. Otherwise this traffic will be dropped by HA-IP.

- Pro: All TCP traffic will be forwarded to your VPS without it requiring any modification or configuration on your VPS.
- Con: The 'remote' IP headers will not be forwarded, so your server has no way of knowing the IP address of the original visitor.


When using the HTTP mode, the X-Forwarded-For header is added to the traffic. As long as support for the remote headers is enabled in the configuration of your webserver, you can use, for example, $_SERVER['REMOTE_ADDR'] to see the original IP.

  • Are you using NGINX?
    Add the following information to the configuration of Nginx:
    set_real_ip_from 2a01:7c8:ba1a::/48;
    set_real_ip_from 2a01:7c8:e000::/48;
    real_ip_header   X-Forwarded-For;
  • Are you using Apache?
    In that case, use the mod_remoteip module (documentation). Its configuration could look like the following:
    RemoteIPHeader X-Forwarded-For
    RemoteIPTrustedProxy 2a01:7c8:ba1a::/48
    RemoteIPTrustedProxy 2a01:7c8:e000::/48
  • Are you using IIS?
    For enabling remote headers multiple changes are required, for which you can find a detailed guide on

- Pro: When enabled in the configuration, the remote IP will be visible / logged in your visitor logs.
- Con: This option is not enabled by default in webserver software and only works for HTTP traffic, not for HTTPS (without installing an SSL certificate) and / or other TCP traffic.
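
The reason the Nginx and Apache snippets above list the HA-IP ranges as trusted is that X-Forwarded-For is an ordinary request header that any client can send. The following is an added example, not TransIP's, Nginx's or Apache's own code, of the trust check those directives configure; the sample addresses are constructed and the function names are hypothetical.

```python
import ipaddress

# HA-IP load balancer ranges, as listed in the webserver configuration above.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("2a01:7c8:ba1a::/48", "2a01:7c8:e000::/48")]


def is_trusted(addr):
    """True if addr is a valid IP inside one of the trusted proxy ranges."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address to log as the visitor.

    peer_addr: TCP peer of the connection; xff_header: raw header or None.
    """
    if not xff_header or not is_trusted(peer_addr):
        # The peer is not a trusted proxy, so anything in the header was
        # written by the client itself: ignore it and keep the TCP peer.
        return peer_addr
    candidate = peer_addr
    # By convention each proxy appends the address it received from, so
    # walk right to left and stop at the first address that is not trusted.
    for hop in reversed(xff_header.split(",")):
        hop = hop.strip()
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified address
        candidate = hop
        if not is_trusted(hop):
            break
    return candidate


if __name__ == "__main__":
    lb = "2a01:7c8:ba1a::1"  # constructed address inside a trusted range
    # Constructed samples: (TCP peer, X-Forwarded-For value)
    for peer, xff in [(lb, "203.0.113.7"),
                      (lb, "192.0.2.99, 203.0.113.7"),
                      ("198.51.100.9", "192.0.2.99")]:
        print(peer, "|", xff, "->", client_ip(peer, xff))
```

In the second sample the leftmost entry was sent by the client and is ignored; in the third the connection did not come through a trusted range, so the header is not used at all.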


When using the HTTPS mode, so-called 'SSL termination' is already performed on our HA-IP platform. This is possible due to an SSL certificate being installed for your domain / application. Via this mode HTTPS traffic can be forwarded to the connected VPS including the remote IP headers.

In order for this to work, it is required that you also have an SSL certificate installed on your VPS for the domains you want routed via HA-IP. This does not necessarily need to be a validated SSL certificate, so a 'selfsigned' (or 'snakeoil') certificate may be used as well. Furthermore, the 'X-Forwarded-For' option needs to be enabled in the configuration of your webserver (same as with the HTTP mode).

More information on how to install an SSL certificate for HA-IP can be found here.

- Pro: When enabled in the configuration, the remote IP will be visible / logged in your visitor logs.
- Con: You will need to install an SSL certificate on both our HA-IP platform and your VPS, and need to enable 'X-Forwarded-For' in your webserver configuration.
- Con: To use an SSL-certificate with HA-IP (Pro), you can only use our Comodo SSL-certificates, or generate Let's Encrypt certificates, for domains that are in the same TransIP-account that also contains HA-IP (Pro).


When using the PROXY mode, all traffic including the original headers is forwarded to your server. This makes it sound ideal; however, it does require that the software listening on that port supports the PROXY protocol. Furthermore, use of the PROXY mode causes the specific service on that port to only be reachable via HA-IP. Direct connections to the IP address of your VPS are no longer possible (for that port / service). Detailed information on the PROXY mode can be found on HAProxy's website.

- Pro: This offers the option to forward traffic 'transparently' to other services than HTTP (such as mail). Furthermore, the PROXY mode offers the option to 'terminate' SSL on your own VPS. This ensures that management of your SSL certificates remains under your own control.
- Con: Not much software supports this protocol, and it causes the specific port to only be reachable via HA-IP.


Should you have any questions left regarding this article, do not hesitate to contact our support department. You can reach them via the ‘Contact Us’ button at the bottom of this page.
