How to haproxy configure for multiple port - haproxy

http://example.com ------ > X.X.X.X:80
http://example.com:8080 --------> X.X.X.X:8080
How do I configure this on haproxy?

Look for bind in the frontend configuration (https://www.haproxy.com/blog/the-four-essential-sections-of-an-haproxy-configuration/).
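The port mapping from the question, written out as an added example (not part of the original answer). The section names are hypothetical and 192.0.2.10 stands in for X.X.X.X.

```haproxy
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend web_in
    # One bind line per port HAProxy should accept connections on
    bind :80
    bind :8080
    # dst_port is the port the client connected to on HAProxy
    use_backend app_8080 if { dst_port 8080 }
    default_backend app_80

backend app_80
    # 192.0.2.10 is a stand-in for X.X.X.X
    server web1 192.0.2.10:80 check

backend app_8080
    server web1 192.0.2.10:8080 check
```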

Related

Using haproxy to forward or redirect a URL

I am looking to perform something quite simple.
Using haproxy I would like to forward any requests from the URL http://webmail.rutest.org or https://webmail.rutest.org to https://outlook.com/rutest.org
BASICALLY:
We currently own the domain rutest.org. What I intend to do is create a DNS "A" record for "webmail" IP address 24.103.122.18. This will then go to a FortiGate Router which has 2 port forwarding rules for 80 and 443 to an internal IP address 10.1.1.18. 10.1.1.18 will be the haproxy server. Once that request gets there, I want haproxy to say ok, you want http://webmail.rockefeller.edu or https://webmail.rockefeller.edu then send the user to https://outlook.com/rutest.org
The user's browser should then reflect this URL redirection.
Can this be done? If so, what are the entries needed in the haproxy.cfg?
You can try the following, untested.
    listen webmail
        # http-request rules require HTTP mode
        mode http
        bind :80 v4v6
        # here should be your certificates
        bind :::443 v4v6 alpn h2,http/1.1 ssl crt /etc/ssl/haproxy/
        # an inline (anonymous) ACL must be wrapped in braces
        http-request redirect location https://outlook.com/rutest.org if { hdr(host) -i webmail.rockefeller.edu }
The documentation: http-request redirect

HAProxy redirect port and mask url

I have a couple of webservers that are reachable directly through the following URL:
https://abcd.example.com:8445/desktop/container/landing.jsp?locale=en_US
https://wxyz.example.com:8445/desktop/container/landing.jsp?locale=en_US
I need to use HAProxy to loadbalance between the two and use the following URLs instead when hitting the frontend:
http://1234.example.com/desktop/container/landing.jsp?locale=en_US
or
https://1234.example.com:8445/desktop/container/landing.jsp?locale=en_US
So other requirements beside the two above:
If initial traffic is port 80, convert to port 8445
Mask the URL so that on the browser while it redirected to https and port to 8445, the host remains intact, like so: https://1234.example.com:8445/desktop/container/landing.jsp?locale=en_US
Here's my config so far:
    frontend WebApp_frontend
        mode http
        bind 10.4.34.11:80
        acl is80 dst_port 80
        http-request set-uri https://%[req.hdr(Host)]:8445%[path]?%[query] if is80
        # must match the backend section name below
        default_backend WebApp_backend

    backend WebApp_backend
        description WebApp
        balance roundrobin
        mode http
        # ssl verify none: the backend connection is encrypted but the server certificate is not validated
        server webserver1 10.2.89.222:8445 check inter 5s fall 3 rise 5 downinter 1m ssl verify none
        server webserver2 10.4.89.223:8445 check inter 5s fall 3 rise 5 downinter 1m ssl verify none
The problem I'm facing right now is that when you access the frontend, HAProxy will redirect you to any of the webservers and force your client to hit the webserver directly instead of through the HAProxy. I need the connection to remain through the HAProxy.
If all your application is doing is redirecting to HTTPS then you should probably just handle that directly within HAProxy. You might want to also explore whether your application supports X-Forwarded-Proto and X-Forwarded-Host.
Another option is you can have HAProxy rewrite the redirects from the backend application to the hostname you choose. Using HAProxy 2.1 you would do something like this:
    http-response replace-header location https?://[^:/]*(:?[0-9]+/.*) https://1234.example.com\1 if { status 301:302 }
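Both suggestions from the answer combined in one configuration, as an added example that is not part of the original posts. It assumes a TLS listener on 8445 at the proxy, swaps the question's `verify none` for verified backend TLS, and uses placeholder certificate and CA file paths; which hostname belongs to which backend IP is also an assumption.

```haproxy
frontend WebApp_frontend
    mode http
    bind 10.4.34.11:80
    # Assumed TLS listener that browsers reach after the redirect (placeholder certificate path)
    bind 10.4.34.11:8445 ssl crt /etc/haproxy/certs/1234.example.com.pem
    # Cleartext requests are redirected by HAProxy itself: same host (port stripped), port 8445, same path and query
    http-request redirect location https://%[req.hdr(host),field(1,:)]:8445%[capture.req.uri] code 302 unless { ssl_fc }
    default_backend WebApp_backend

backend WebApp_backend
    mode http
    balance roundrobin
    # Redirects issued by the application are rewritten to the proxy hostname (rule from the answer)
    http-response replace-header location https?://[^:/]*(:?[0-9]+/.*) https://1234.example.com\1 if { status 301:302 }
    # verify required + ca-file validates the chain; verifyhost pins the expected certificate name
    # (placeholder CA path; hostname-to-IP mapping assumed)
    server webserver1 10.2.89.222:8445 check inter 5s fall 3 rise 5 ssl verify required ca-file /etc/haproxy/backend-ca.pem verifyhost abcd.example.com
    server webserver2 10.4.89.223:8445 check inter 5s fall 3 rise 5 ssl verify required ca-file /etc/haproxy/backend-ca.pem verifyhost wxyz.example.com
```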

HAProxy config for sub-domains

I need an example HAProxy config to do the following:
Server1 = 192.168.0.177 (I did not give the servers names - only IPs)
On Server1, I run HAProxy as well as Apache.
Apache on Server1 is set up to listen on port 8080 now, and has two Virtual Hosts correctly set up for two sub-domains - each serving its own website content.
Sub-domain 1 = s.mydomain.com
Sub-domain 2 = x.mydomain.com
I have a second server running on 192.168.0.233.
I want to set up HAProxy to listen to s.mydomain.com and then forward it to Apache on the same server (192.168.0.177), x.mydomain.com and forward it to Apache on the same server (192.168.0.177) and y.mydomain.com and forward traffic to the second server (192.168.0.233).
I do not need any load balancing at this point, just routing/forwarding as described above.
Here you go,
    global
        #debug

    defaults
        mode http
        option httpclose
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

    backend same_server
        # Apache on this host listens on port 8080 (per the question)
        server same_server 127.0.0.1:8080

    backend second_server
        server second_server 192.168.0.233:80

    frontend app
        # current HAProxy versions need a bind line; an address on the frontend line is rejected
        bind *:80
        acl sub_y hdr(host) -i y.mydomain.com
        use_backend second_server if sub_y
        default_backend same_server

HAProxy check CMS and redirect to Varnish

I need help with the configuration of our HAProxy.
This is our configuration:
HAProxy > Varnish servers > CMS servers
What I wish is that the HAProxy checks in the backend if the CMS server is working properly and then uses the Varnish server as the connection.
Is it possible? If yes, how?
Thank you very much
Nick
In your HAProxy backend you can use the server option and specify the addr and port options to define where the check actually goes. For example:
    backend nodes
        mode http
        balance roundrobin
        server varnish1 10.0.0.1:80 check addr 10.1.0.0 port 80
        server varnish2 10.0.0.1:80 check addr 10.1.0.1 port 80
        server varnish3 10.0.0.3:80 check addr 10.1.0.2 port 80
The 10.1.0.x addresses are for the CMS.
The documentation has all of the parameters that can be specified for the check option.

Reduce duplication in haproxy acl with multiple frontend sections

I'm using haproxy with stunnel handling SSL (and using the proxy mode to preserve the original IP from haproxy).
I have several acl tests that redirect to different backends depending on the domain, headers, or path.
The problem is that these are identical whether you're coming in via http or https, but I have to duplicate them in the config. Is there any way to reduce the duplication?
Here's a sample config:
    global
        user haproxy
        group haproxy
        #etc...

    frontend http-in
        bind *:80
        acl files_path path_beg /files/
        acl beta_host hdr_beg(host) -i beta.
        use_backend files if files_path
        use_backend beta if beta_host
        default_backend appservers

    frontend https-in
        bind *:442 accept-proxy
        acl files_path path_beg /files/
        acl beta_host hdr_beg(host) -i beta.
        use_backend files if files_path
        use_backend beta if beta_host
        default_backend appservers

    backend appservers
        balance roundrobin
        option forwardfor
        server appserver_1 localhost:8080 weight 1
        server appserver_2 192.168.1.101:8080 weight 1

    backend files
        balance roundrobin
        option forwardfor
        server file1 192.168.1.102 weight 1
        server file2 192.168.1.103 weight 1

    backend beta
        balance roundrobin
        server beta1 192.168.1.104 weight 1
The http-in and https-in have different ports, and the https-in has to specify accept-proxy so that stunnel can use the proxy protocol to pass it the original IP of the user. But other than that they are identical, and should always be identical. Is there any way to reduce this duplication? (haproxy 1.5-dev)
You could simply bind one http in frontend to both.

    frontend http-in
        bind *:80
        bind 0.0.0.0:443 transparent
Unfortunately, the haproxy manual (http://haproxy.1wt.eu/download/1.5/doc/configuration.txt) states that acl can be defined only in frontend, listen and backend sections.
If the https and http frontends are the same, you can define a few bind sentences in one frontend.
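The question's two frontends merged into one, as an added example that is not from the original posts. accept-proxy is a per-bind option, so it stays on the stunnel listener only; the frontend name, the listener ids, the loopback address and the X-Forwarded-Proto rules are assumptions added for illustration.

```haproxy
defaults
    mode http
    timeout connect 5s
    timeout client  50s
    timeout server  50s

frontend web-in
    # Plain HTTP straight from clients
    bind *:80 id 1
    # Decrypted HTTPS from stunnel. accept-proxy takes the client address from
    # the PROXY header as given, so only stunnel should be able to reach this port.
    # Assumption: stunnel runs on this host, hence the loopback address.
    bind 127.0.0.1:442 accept-proxy id 2

    # so_id identifies the listener; dst_port is not reliable here because
    # accept-proxy replaces it with the destination carried in the PROXY header.
    acl via_stunnel so_id 2
    # set-header overwrites any value the client sent
    http-request set-header X-Forwarded-Proto https if via_stunnel
    http-request set-header X-Forwarded-Proto http unless via_stunnel

    # Routing rules written once for both entry points
    acl files_path path_beg /files/
    acl beta_host  hdr_beg(host) -i beta.
    use_backend files if files_path
    use_backend beta  if beta_host
    default_backend appservers

backend appservers
    balance roundrobin
    option forwardfor
    server appserver_1 localhost:8080 weight 1
    server appserver_2 192.168.1.101:8080 weight 1

backend files
    balance roundrobin
    option forwardfor
    server file1 192.168.1.102 weight 1
    server file2 192.168.1.103 weight 1

backend beta
    balance roundrobin
    server beta1 192.168.1.104 weight 1
```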