Hi Jeremy,

On Mon, Aug 16, 2010 at 07:37:17PM -0600, Jeremy Hinegardner wrote:
> Hi all,
> 
> We are moving all of our apps to be accessed solely via https, and I am
> attempting to force this using haproxy.  We have many subdomains and
> I was hoping to be able to do this with one acl and a redirect, but
> it is looking like I need to put in a redirect per backend.
> 
> What works:
> 
>   frontend main
>       bind *:80   name http
>       bind 127.0.0.1:8443 name https # this is where stunnel forwards
> 
>       acl host_app1 hdr_beg(host) -i app1.example.com
>       use_backend app1 if host_app1
> 
>       # ...
>       # more acls and use clauses, one for each app
>       # ...
> 
>       acl host_appN hdr_beg(host) -i appN.example.com
>       use_backend appN if host_appN
> 
>   backend app1
>      acl secure dst_port eq 8443
>      server app1 10.10.25.106:80 check
>      redirect prefix https://app1.example.com if !secure
> 
>   # ...
>   # more backends, one for each app
>   # ...
> 
>   backend appN
>      acl secure dst_port eq 8443
>      server appN 10.10.25.156:80 check
>      redirect prefix https://appN.example.com if !secure
> 
> I was wondering if there is a way to have a simple rule in the frontend
> that would do all the redirects for all the backends.  Something like:
> 
>   frontend main
>       bind *:80 name http
>       bind 127.0.0.1:8443 name https
> 
>       acl secure dst_port eq 8443
>       redirect prefix PUT_SOMETHING_HERE_THAT_WORKS_FOR_ALL_SUBDOMAINS if !secure

Yes, there's an ugly way to do that. First you rewrite the host header
to include "https://" in front of it, then you redirect with prefix
"/" (which does not change anything). The redirect will then be performed
on the concatenation of the new host header and the uri. In my opinion, it
should work:

    reqirep ^Host:[\ ]*(.*)    Host:\ https://\1  if ! secure
    redirect prefix /                             if ! secure

You can also put that in a specific backend, which will help you monitor
the activity in the stats.

Hoping this helps,
Willy
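
An added example, not part of the original thread and not written by either poster: one frontend rule that redirects every subdomain to https, using `http-request redirect scheme`, which requires HAProxy 1.5 or later (newer than this 2010 exchange). It assumes all apps live under `example.com` and that stunnel still forwards to 127.0.0.1:8443; the `known_host` ACL name is hypothetical. Because the `Location` header is built from the client-supplied Host header, the example rejects hosts outside the expected domain before redirecting.

```haproxy
frontend main
    mode http
    bind *:80            name http
    bind 127.0.0.1:8443  name https   # stunnel forwards decrypted traffic here

    # True when the request arrived on the stunnel-fed listener
    acl secure      dst_port eq 8443

    # Assumption: every app is a subdomain of example.com.
    # A Host value carrying an explicit port (e.g. ":80") will not match
    # hdr_end and is therefore denied as well.
    acl known_host  hdr_end(host) -i .example.com

    # The redirect below copies Host into Location, so refuse any
    # request whose Host is not one of ours before it is reflected.
    http-request deny if !known_host

    # One rule for all subdomains: same host and URI, scheme set to https
    http-request redirect scheme https code 301 if !secure

    # Routing stays per app, as in the original configuration
    use_backend app1 if { hdr_beg(host) -i app1.example.com }
    use_backend appN if { hdr_beg(host) -i appN.example.com }

backend app1
    mode http
    server app1 10.10.25.106:80 check

backend appN
    mode http
    server appN 10.10.25.156:80 check
```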

