Hello,

On Sat, Jan 30, 2010 at 06:05:09PM -0800, Craig Carl wrote:
> All -
> I'm running several sites behind haproxy and stunnel. I would like to 
> use haproxy to do two things -
>
>       1. strip the www subdomain from all URI's
>       2. redirect all http:// URI's to https://
> 
> I have created two acl's, I'm not sure if the stunnel acl will work with 
> the X-Forwarded-For patch??
> 
>       acl stunnel src 96.14.154.160 #all https traffic, maybe.

The ACL has nothing to do with the X-Forwarded-For header added by stunnel.
It only matches the IP address of the machine connecting to haproxy, in
your case it should be the one running stunnel. Another solution also
consists in sending stunnel connections to a different port (eg: 81) and
checking for the destination port in the ACL.

>         acl www_subdom hdr_beg(host) -i www #finds all www.xxxx
> 
> My problem is in the redirects, as near as I can tell they only accept 
> literal strings, not variables. How do I write
> 
>       redirect prefix <orig URI with 'www.' stripped> if www_subdom
>       redirect prefix <orig URI with http replaced with https> if !stunnel

You can't do that, it requires multiple transformations. First,
the host name does not appear in the request URI. Second, you'd
need to concatenate multiple strings, which we currently can't do.
You'd approximately want to do that :

    - redirect to "http://" + strip_host(Host header) + uri if www_subdom
    - redirect to "https://" + Host header + uri if !stunnel

I'm afraid that you'll have to write as many rules as you have to
support host names.

Regards,
Willy
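
Added example, not part of the original message: because each host name needs its own rules, a short Python generator can emit them from a list. It assumes stunnel forwards to port 81 (the alternative mentioned above), folds both redirects into a single hop to `https://<host>`, and uses constructed host names; `redirect_rules` is a hypothetical helper.

```python
import re

# Strict host name pattern: letters, digits, hyphens and dots only, so a value
# read from an inventory cannot smuggle spaces or newlines into the config.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")

def redirect_rules(hosts, stunnel_port=81):
    """Return haproxy frontend lines: one set of redirect rules per host name."""
    # Assumption: stunnel hands decrypted traffic to its own port on haproxy.
    lines = [f"acl stunnel dst_port {stunnel_port}"]
    seen = set()
    for raw in hosts:
        host = raw.strip().lower()
        if host.startswith("www."):
            host = host[4:]          # rules are keyed on the bare host name
        if not _HOSTNAME.fullmatch(host):
            raise ValueError(f"refusing unsafe host name: {raw!r}")
        if host in seen:
            continue                 # www.x and x describe the same site
        seen.add(host)
        lines += [
            # haproxy ACL names may contain letters, digits, '-', '_', '.', ':'
            f"acl host_{host} hdr(host) -i {host}",
            f"acl www_{host} hdr(host) -i www.{host}",
            # www.<host>, over http or https, goes straight to https://<host>
            f"redirect prefix https://{host} if www_{host}",
            # bare host that did not arrive through stunnel is sent to https
            f"redirect prefix https://{host} if host_{host} !stunnel",
        ]
    return lines

if __name__ == "__main__":
    # Constructed host names for illustration
    for line in redirect_rules(["www.example.com", "shop.example.org"]):
        print("    " + line)
```

The output is meant to be pasted into the frontend that listens on both the plain HTTP port and the stunnel port.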

