Scenario is HAProxy as a reverse-proxy for a Docker user-defined network, so the servers are reachable by service name from HAProxy. Inbound works, but I can't seem to get the response rewrite to work.
I need any traffic, foo.com/api/* to be redirected to api:9999/*.
Current config
frontend https
acl api path_beg /api
use_backend api if api
backend api
reqrep ^([^\ ]*\ /)api[/]?(.*) \1\2
rspirep (.*) /api/
server api api:9999 check
I'm pretty sure this is what's needed, but I suspect my rspirep string is NOT correct. Any help is appreciated!
Related
Background: We have a series of interconnected applications SSL and all that we need to test putting a load balancer in front of. We're looking to publicly expose '443' to the end-users but have HAProxy proxy/redirect to the required internally exposed tcp-listeners. We're testing this implementation with haproxy and thought it would be a bit easier than either it is or we're making it to be.
https://example.com/app1 -> backend of 6 different hosts (or the
internal fqdn (not sure which would be correct)) on 30001
https://example.com/app2 -> backend of 6 different hosts (or the
internal fqdn (not sure which would be correct))on 8443
...
We've tried a number of different frontend/backend configs but can't seem to make it work as we intend. If anyone can tell me what I'm doing wrong, I'd appreciate it. Also we do not want SSL to terminate on the HAproxy which is why we aren't providing certs in the bind statement.
test1:
frontend test
bind *:443
acl path_spgen path_beg -i /app1
use_backend be_spgen if path_spgen
backend be_spgen
server host-01 x.x.x.x:30001
test2:
frontend test
bind *:443
acl path_spgen path_beg -i /app1
http-request redirect scheme https code 301 if !{ ssl_fc }
http-request redirect code 301 location https://example:30001 if path_spgen
backend be_spgen
server host-01 x.x.x.x:30001
any help would be greatly appreciated.
I'm a little bit lost atm. I try to implement a redirect within a complex HAproxy configuration. The goal is simple:
user uses a subdomain -> 123.domain.com
user will be pointed to api.domain.com but thinks it's still on 123.domain.com
user should be able to use pathes like 123.domain.com/123?123 but still get results from api.domain.com/123?123 but thinks it's gets result from 123.domain.com/123?123.
I'm totally unsure how to implement that without taking the rist of taking down production traffic.
What i would do:
creating ACL rule in SSL frontend to point to the api backend when 123.domain.de is used.
redirect prefix http://123.domain.com code 301 if { hdr(host) -i api.domain.com }
Not usre if that would work.
creating redirection rule pointing simply to another api url:
redirect location https://www.mysites/v2/pages 302 if { hdr(host) -i api.domain.com }
It's hard to implement this wihtout taking a risk of an outage. Is there something who could know the answer?
First I would recommend that you have a development and/or staging environment configured to test any changes before you make them.
To do a 301 redirect of all traffic coming from 123.domain.com to api.domain.com you can use the following
http-request redirect prefix http://api.domain.com code 301 if { hdr(host) -i 123.domain.com }
If you wanted HAProxy to connect to the api.domain.com backend on the users behalf and mask the hostname itself you would add a backend for api.domain.com and then create a use_backend rule. Keep in mind that with the below there are no 301/302 redirects performed, instead HAProxy makes the connection on behalf of the client.
Something like this would work:
use_backend api.domain.com if { hdr(host) -i 123.domain.com }
Then within api.domain.com backend you can update the Host header.
backend api.domain.com
http-request set-header Host api.domain.com
server api1 api.domain.com:80 check
I have a HTTPS server and want to redirect the specific request based on the URL to my Backend server.
Something like this should do it (for HTTP):
frontend http
bind *:80
acl mpd path_end -i .mpd
acl test hdr(host) test.com www.test.com
use_backend internal if test mpd
backend internal
http-request set-path /path/folder%[path]
# for older versions
# reqirep ^([^\ :]*)\ \/(.+\/)*(.*)\ \1\ /path/to/folder/\3
server internal-1 internal:80 check
Two ACLs in the frontend select the right backend and the http-request (reqirep for older versions) command overwrites the original request path.
You might need to tweak it.
I'm testing a simple haproxy rule to make http://localhost/haproxy-dconv take me to http://cbonte.github.io/haproxy-dconv but it isn't working. 404 response seems to be from the site but the path isn't resolving.
frontend HTTP
mode http
bind *:80
acl url_dconv path_beg /haproxy-dconv
use_backend dconv-backend if url_dconv
backend dconv-backend
mode http
server dconv cbonte.github.io
Try this -
frontend HTTP
mode http
bind *:80
use_backend dconv-backend if { path_beg /haproxy-dconv/ }
backend dconv-backend
mode http
server dconv cbonte.github.io
Source: https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#use_backend
That is because the Host header that is being sent is localhost, instead of cbonte.github.io. Add this to your backend:
http-request set-header Host cbonte.github.io
Also note that without the ending slash, you will get a 301, so make sure you send http://localhost/cbonte-dconv/ and fix your ACL.
You are using Haproxy in an incorrect way.
You need to match the ACL to get the URL between host and query parameter as you do:
acl url_dconv path_beg /haproxy-dconv
Then using this ACL to redirect from localhost if ACL is matched:
redirect prefix http://cbonte.github.io code 301 if url_dconv
But again this is more a conceptual problem of thinking redirect and matching path.
as mentioned in the title, i've set an Haproxy loadbalancer with a basic configuration, what i'd like to do is to always redirect request to the first server if the hostname matches x.domaine.com, but keep the balancing for domaine.com, is it possible with Haproxy, and if so how can i do it.
her's my configuration
listen webcluster *:80
mode http
balance roundrobin
option httpchk HEAD / HTTP/1.0
option forwardfor
cookie LSW_WEB insert
option httpclose
server bigSRV 192.168.1.10:8082 cookie LSW_WEB01 check
server miniSRV 192.168.2.10:8082 cookie LSW_WEB01 check
thanks in advence
after hours of digging i finally got it to work, so i'm going to answer my own question in case if samone have the same issue
generally i created a frontend that listen on port:80 and in which i defined 2 ACLs that uses the "if" statement to check the http header and then redirect to one of the backends defined, if no request matches the conditions, we redirect to default backend, here's how it's done (on haproxy.cfg) :
frontend http-proxy
bind *:80
acl is_www hdr(host) -i www.domain.com
acl is_x hdr(host) -i x.domain.com
use_backend clusterWWW if is_www
use_backend clusterX if is_x
default_backend clusterWWW
backend clusterWWW
server bigSRV 192.168.1.10:8082 cookie LSW_WEB01 check
server miniSRV 192.168.2.10:8082 cookie LSW_WEB01 check
backend clusterX
server bigSRV 192.168.1.10:8082 cookie LSW_WEB01 check