I am using haproxy version 1.5.4.
req.hdr(host) provides host:port, ex: If I issue a request http://abc:9080, then req.hdr(Host) equals abc:8080, is there any way I can get only hostname or IP address, 1.1.1. if request is sent as http://1.1.1.1:9080
My use case is I want to use that IP/Host in redirecting to SSL port.
Your inputs appreciated.
With regards,
-N-
Related
I have a communication problem between Zabbix Proxy and Zabbix Server at port 10051. I’m using HAPROXY version 2.0.13. Look my Kubernetes scenario:
HAPROXY is working fine when I access my website zabbix.domain.com at port 80 and 443.
Zabbix-Proxy has a parameter “Server” that I set with ip address of worker-1 and the communication works fine, but this happen because the traffic don’t pass through HAPROXY server. When I try to set the Server parameter with my domain address zabbix.domain.com that go to my HAPROXY server, the communication dont work, give the impression that HAPROXY cant treat the request.
zabbix_proxy.conf: Work with Worker-1 ip addr, but dont work with domain name.
The domain name as I said, is pointing to HAPROXY server (10.0.0.110). I think the zabbix-proxy is trying to reach the port 10051 of HAPROXY server and the HAPROXY can’t deal with the requests to forward to my worker node.
This is my HAPROXY configuration, I test with frontend and backend, but now, I just rewrite with Listen parameter.
listen zabbix
mode tcp
bind :10051
option forwardfor
server worker-1 10.10.10.112:10051 check
server worker-1 10.10.10.113:10051 check
server worker-1 10.10.10.114:10051 check
Someone can help? There are some manner to point to my website zabbix.domain.com, the haproxy treat the request send to my worker-1 in port 10051? Please tell me If need more information.
I am looking to perform something quite simple.
Using haproxy I would like to forward any requests from the URL http://webmail.rutest.org or https://webmail.rutest.org to https://outlook.com/rutest.org
BASICALLY:
We currently own the domain rutest.org. What I intend to do is create a DNS "A" record for "webmail" IP address 24.103.122.18. This will then go to a FortiGate Router which has 2 port forwarding rules for 80 and 443 to an internal IP address 10.1.1.18. 10.1.1.18 will be the haproxy server. Once that request gets there, I want haproxy to say ok, you want http://webmail.rockefeller.edu or https://webmail.rockefeller.edu then send the user to https://outlook.com/rutest.org
The users browser should then reflect this URL redirection.
Can this be done? If so, what are the entries needed in the haproxy.cfg?
You can try the following, untested.
listen webmail
bind :80 v4v6
# here should be your certificates
bind :::443 v4v6 alpn h2,http/1.1 ssl crt /etc/ssl/haproxy/
http-request redirect location https://outlook.com/rutest.org if hdr(host) -i webmail.rockefeller.edu
The documentation: http-request redirect
Is there a way to set HAProxy to listen on a specific port only if the hostname from the IP used matches a certain criteria?
The distinctin is important: My server has multiple IPs, which match a domain (www1.xxxx.com, www2.xxxx.com, etc).
I want to open port YYYY only if the domain used to connect to HAProxy is www.xxxx.com. If testing via www1.xxxx.com, that port would be refused.
Note that HAProxy is used in TCP mode, not HTTP.
Is this possible?
Thank you.
May be something like this?
listen port_3306
bind :3306
mode tcp
acl my-ip src 216.58.204.78
tcp-request content accept if my-ip
server my-test-comms localhost:3306 check
Attaching the documentation link, may be you can play around with those settings.
Hope this helps.
I am using HAProxy with multiple backends and some ACLs to select a backend, I want my client (for testing purposes and etc) to know the ip of the backend that was selected.
For example, Client sends request to HAProxy which loadbalances between ip A and ip B. In the response header, I want the ip of A if A was selected by HAProxy and I want the ip of B if B was selected. I know of %[dst] but it returns the ip of the HAProxy server instead.
Right now I'm putting http-response set-header X-Forwarded-Host %[dst]:%[dst_port] in the frontend and it is returning the ip and port of the HAProxy
found the answer, its %si:%sp. cbonte.github.io/haproxy-dconv/1.7/configuration.html#8.2.4
I'm modifying CGIProxy to be enable to pass client IP address to remote/target, so remote will identify that the request is from client (not proxy server). Is it possible to do this thing? CGIProxy uses SSLeay for sending request to SSL server. But I need to pass client IP address through all protocol provided (http, https, ftp). I'm not really understand about both of proxy concept and network programming.
Usually a proxy is not source-transparent, e.g. it will have it's own address as the client address in the connection to the target server and not the original client address. This is especially true for a CGI-script working as a proxy like in your case. This behavior is independent from using a TLS or a plain TCP connection.
But some (often misconfigured) servers check for an X-Forwarded-For request header to determine the original client IP. This header can be set from inside the proxy, but again this is independent from using TLS or plain TCP.