haproxy redirect both scheme and location together - redirect

I need to redirect a specific http URL first to its equivalent https and then on to a completely different https URL (don't ask why I can't just redirect the original http straight to the final https URL, this is what the client wants and the client is always right!). Additionally I need to be able to redirect the original https to the different https too.
So, what I need is the ability to redirect http://foo.bar.com => https://foo.bar.com and then https://foo.bar.com => https://another.foobar.com, as well as redirecting https://foo.bar.com => https://another.foobar.com.
Currently to redirect just https://foo.bar.com => https://another.foobar.com I'm using this:
acl is_new_portal hdr(host) -i foo.bar.com
redirect location https://another.foobar.com code 302 if is_new_portal
with an initial bind on port 443, and I know to redirect http to https I would use:
redirect scheme https code 302 if !{ ssl_fc }
(using code 302 rather than 301 as eventually another.foobar.com will be removed, so I don't want the redirection permanently cached in clients' browsers)
but I need to be able to do both relocations, and I'm not sure how you combine the two?

I am not certain to understand if your issue is related to the binding or to the ACLs. You already have all the answers to your question. You can wrap them in a simple frontend:
frontend main
bind :80
bind :443 ssl crt yourCertFile
acl is_new_portal hdr(host) -i foo.bar.com
redirect scheme https code 302 if !{ ssl_fc } is_new_portal
redirect location https://another.foobar.com code 302 if { ssl_fc } is_new_portal
http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubDomains;\ preload; if { ssl_fc }
The space between ACLs after the if is interpreted as a AND. So you will get something like:
redirect to https IF the host is foo.bar.com AND NOT using ssl
redirect to https://another.foobar.com IF the host is foo.bar.com AND using ssl

Related

Haproxy redirect and fowarding the subdomain

I have an Haproxy server and I need when the user type any_word.registro.myserver.com.br on the browser, the Haproxy redirect to https://app2.otherserver.com.br/register/**any_word**
The any_word is a captcha (*.registro.myserver.com.br)
Today I have the following redirect that doesn't forward:
acl fqdn_register_all hdr_dom(host) -i registro.myserver.com.br
redirect prefix https://app2.otherserver.com.br/register code 302 if fqdn_register_all
How should i change the above code?
Best regards
this rule should do the work:
acl fqdn_register hdr_dom(host) -i registro.myserver.com.br
capture request header Host len 128
redirect prefix https://app2.otherserver.com.br/register/%[capture.req.hdr(0)] code 302 if fqdn_register
hope it helps.

Haproxy URL redirect

Using haproxy 2.0.13-2
Having an issue with ACL's and redirect
I want to ACL on stuff.xyz.com/mycrap.aspx and redirect that to junk.abc.com
As a test I have an
ACL acl_stuff hdr(host) -i stuff.xyz.com/junk.aspx
use_backend be_stuff if acl_stuff
backend be_stuff
stats enable
option forwardfor
http-response add-header X-Backend ohs1docker01
server ohs1docker01 ohs1docker01.def.com:80 check
However even the ACL with the backend isnt working. I hit that page and I get a 404 which leads me to believe the ACL is not getting hit so the traffic is not getting to the backend.
Im hoping someone can give me some direction on this
Looks like you want to use http-response redirect
http-response redirect code 301 location https://www.junk.abc.com if { hdr_beg(host) -i stuff.xyz.com }
The acl acl_stuff hdr(host) -i stuff.xyz.com/junk.aspx can't match because there is a mix of host and path.
To match host and path try this.
acl match_path path_beg /junk.aspx
acl match_host hdr_beg(host) -i stuff.xyz.com
http-response redirect code 301 location https://www.junk.abc.com if match_host match_path

Redirect www to non-www and http to https in one redirect?

I've been trying to get this to work, but cannot.
I know I can redirect http -> https using something like this:
http-request redirect scheme https code 301 if !{ ssl_fc }
I know I can redirect www -> non-www using something like this:
http-request redirect prefix https://%[hdr(host)] code 301 if { hdr_beg(host) -i www }
// although note this doesn't work for me, it does nothing
I need the following:
http://example.com/any-uri -> https://example.com/any-uri
http://www.example.com/any-uri -> https://example.com/any-uri
https://www.example.com/any-uri -> https://example.com/any-uri
How can I do both http -> https and www -> non-www using a single 301 redirect?
Thanks
I have a solution, although it requires two rules.
http-request redirect prefix https://%[hdr(host),regsub(^www\.,,i)] code 301 if { hdr_beg(host) -i www. }
http-request redirect scheme https code 301 if !{ ssl_fc }
Based on the above, the following will happen, all with a single redirect:
http://example.com/any-uri -> https://example.com/any-uri
http://www.example.com/any-uri -> https://example.com/any-uri
https://www.example.com/any-uri -> https://example.com/any-uri
This is because the first rule catches http://www... and https://www... URLs and redirects them to https://example.com. The remaining case is http://example.com which gets handled by the second rule via a simple redirect to https://example.com.

Why do I get reports of my Nginx redirect failing?

I've got a website sitting behind an Nginx proxy. I've set up Nginx to redirect all traffic from HTTP to HTTPS, like so:
server {
listen 80 default_server;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl default_server;
add_header Strict-Transport-Security "max-age=31536000";
location /api {
include uwsgi_params;
uwsgi_pass api-server:80;
}
location / {
root /web;
}
}
As far as I can tell, this should work. And when I hit my server from multiple locations using curl, I see the permanent redirect I was expecting. But I'm getting reports from some users that they're not getting redirected; instead they're seeing a generic Welcome to nginx! page.
Is there a better configuration I should be using? How can I debug this?
Create separate log files for the http and the https server and see if there are other status code than 301 in the one from the http server.
https://www.nginx.com/resources/admin-guide/logging-and-monitoring/

redirect 301 multiple domain name haproxy

I have a lot of domain names (example.com, www.example.com, example.net, www.example.net, etc...).
How can I redirect all these domains with haproxy ?
For the moment, I am able to redirect domain name by domain name with :
redirect prefix http://www.example.com code 301 if { hdr(host) -i example.fr }
redirect prefix http://www.example.com code 301 if { hdr(host) -i www.example.fr }
But I'd like to have just one line with all my domain names...
Regards
Try an if statement that checks if the host is not www.example.com
redirect prefix http://www.example.com code 301 if !{ hdr(host) -i www.example.com }