I would like incoming queries in haproxy example: http://haproxy/test are redirected to one of the backends in a 301 redirection:
http://server-a/test or
http://server-b/test or
http://server-c/test or
…
my backend:
backend cluster_redirect
http mode
random balance
server server-a:80
server server-b:80
server server-c:80
my frontend:
front-end www
bind:80
http-request redirect code 301 location http://%bi%[capture.req.uri]
use_backend cluster_redirect
%bi is not interpreted!. URL for redirect is : “location: http:///test”
If i use a set-header for debug: http-response set-header X-Debug http://%bi%[capture.req.uri]
the header is : X-Debug: http://10.1.1.1/test.
10.1.1.1 is the IP for haproxy.
Thank you
Related
is it possible to change/rewrite/replace the domain name in the request before you pass it through to the backend server?
I have 1 frontend:
frontend https-dev
maxconn 2000
option forwardfor header X-Real-IP
http-request set-header X-Real-IP %[src]
default_backend be-dev-cdn
# BEGIN CORS
http-response set-header Access-Control-Allow-Origin "*"
http-response set-header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept, Authorization, JSNLog-RequestId, activityId, applicationId, applicationUserId, channelId, senderId, sessionId"
http-response set-header Access-Control-Max-Age 3628800
http-response set-header Access-Control-Allow-Methods "GET, DELETE, OPTIONS, POST, PUT"
# END CORS
bind *:443 ssl crt domain.pem
reqadd X-Forwarded-Proto:\ https
# set X-SSL in case of ssl_fc <- explained below
http-request set-header X-SSL %[ssl_fc]
And 1 backend with multiple hosts:
backend be-dev-cdn
balance roundrobin
server dev-cdn01.domain.com 192.168.101.1:80 check
server dev-cdn02.domain.com 192.168.101.2:80 check
server dev-cdn03.domain.com 192.168.101.3:80 check
server dev-cdn04.domain.com 192.168.101.4:80 check
server dev-cdn05.domain.com 192.168.101.5:80 check
The user would input the domain www.domain.com and I would then rewrite/replace this domain to a new domain name based on the backend server to which the request is forwarded. For example:
www.domain.com -> haproxy -> backend server dev-cdn05.domain.com; rewrite the request.
My goal is that I would just like to route the requests through haproxy server but not the response
Is this possible with haproxy?
I'm starting to use haproxy to balance across nginx servers (in order to load balance the rails instances behind those nginxen). I want to 301 redirect all names that aren't the www name to the www name (and all http -> https). So I write this, which doesn't quite work. What actually happens is that http -> https, but all the names on https return 200 rather than 301 for all but www.staging.example.com. In addition, I was hoping to 301, say http://staging.example.com/ directly to https://www.staging.example.com/, but instead it just 301's to https://staging.example.com/
frontend www-http
bind 1.2.3.4:80
acl redirect_canonical req_ssl_sni -i staging.example.com
acl redirect_canonical req_ssl_sni -i myname.example.com
http-request redirect code 301 location https://www.staging.example.com%[capture.req.uri] if\
redirect_canonical
http-request redirect code 301 scheme https if !{ ssl_fc }
reqadd X-Forwarded-Proto:\ http
default_backend railswebapp-backend
frontend www-https
bind 1.2.3.4:443 ssl crt /etc/haproxy/ssl/
# Test URI to see if its a letsencrypt request.
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
acl redirect_canonical req_ssl_sni -i staging.example.com
acl redirect_canonical req_ssl_sni -i myname.example.com
http-request redirect code 301 location https://www.staging.example.com%[capture.req.uri] if\
redirect_canonical
reqadd X-Forwarded-Proto:\ https
default_backend railswebapp-backend
Any pointers on what I'm doing wrong?
Update
The corrected block is this:
frontend www-http
bind 1.2.3.4:80
acl redirect_canonical hdr(host) -i staging.example.com
acl redirect_canonical hdr(host) -i myname.example.com
http-request redirect code 301 location https://www.staging.example.com%[capture.req.uri] if\
redirect_canonical
http-request redirect code 301 scheme https if !{ ssl_fc }
reqadd X-Forwarded-Proto:\ http
default_backend railswebapp-backend
frontend www-https
bind 1.2.3.4:443 ssl crt /etc/haproxy/ssl/
# Test URI to see if its a letsencrypt request.
acl letsencrypt-acl path_beg /.well-known/acme-challenge/
use_backend letsencrypt-backend if letsencrypt-acl
acl redirect_canonical ssl_fc_sni -i staging.example.com
acl redirect_canonical ssl_fc_sni -i myname.example.com
http-request redirect code 301 location https://www.staging.example.com%[capture.req.uri] if\
redirect_canonical
reqadd X-Forwarded-Proto:\ https
default_backend railswebapp-backend
I'm using HAProxy for load balancing and only want my site to support https. Thus, I'd like to redirect all requests on port 80 to port 443.
How would I do this?
Edit: We'd like to redirect to the same url on https, preserving query params. Thus, http://foo.com/bar would redirect to https://foo.com/bar
frontend httpfront
mode http
bind *:80
redirect scheme https code 301 if !{ ssl_fc }
You need configure frontend for 443 port.
frontend (port 80) -> frontend (port 443) -> backend
Check my example:
frontend httpfront
mode http
bind *:80
redirect scheme https code 301 if !{ ssl_fc }
frontend httpsfront
mode tcp
bind *:443
default_backend app
backend app
mode tcp
balance roundrobin
server server01 10.10.10.11:443 check
server server02 10.10.10.12:443 check
I know how to redirect from:
http example.com to https www.example.com
and
http www.example.com to https www.example.com
but don't know how to redirect from:
https example.com to https www.example.com in Haproxy
redirect prefix https://www.example.com code 301 if { hdr(host) -i example.com } in both frontend
frontend weblb
bind *:80
acl is_www hdr_beg(host) ilanni.com
redirect prefix https://www.ilanni.com code 301 if is_www
acl is_host hdr_beg(host) wwww.ilanni.com
redirect scheme https if !{ ssl_fc }
bind *:443 ssl crt /etc/haproxy/ilanni.com.pem
use_backend sellerserver if is_host
backend sellerserver
balance source
server web1 127.0.0.1:8111 maxconn 1024 weight 3 check inter 2000 rise 2 fall 3
If it's possible to disable https on some url, i try this, but it's not working.
I need a piece of my site without https and redirect
frontend http
bind *:80
mode http
acl folder path_beg -i ^/somefolder/subfolder/.* ^/somefolder/subfolder2/.*
redirect scheme https if !folder
option http-server-close
reqadd X-Forwarded-Proto:\ http
option forwardfor header X-Real-IP
default_backend nodes
frontend https
bind *:443
mode http
option http-server-close
reqadd X-Forwarded-Proto:\ https
option forwardfor header X-Real-IP
default_backend nodes
backend nodes
balance leastconn
server server1 10.10.10.7:80 cookie A check
server server2 10.10.10.8:80 cookie A check
Access list
acl folder path_dir -i /somefolder/subfolder/ /somefolder/subfolder2/
In backend you need rule
redirect scheme https if !folder !{ ssl_fc }
After that - all site has redirect to htts, but if uri contains /somefolder/subfolder/ or /somefolder/subfolder2/ it's be able to connect by http.
In nginx you need add some rules if you wanna redirect https to http
if ( $http_x_forwarded_proto = "https" ) {
rewrite ^/somefolder/subfolder2/ http://domain//somefolder/subfolder2/ permanent;
}