Hi Willy,

On Tue, Aug 17, 2010 at 07:42:56AM +0200, Willy Tarreau wrote:
> Hi Jeremy,
> 
> On Mon, Aug 16, 2010 at 07:37:17PM -0600, Jeremy Hinegardner wrote:
> > Hi all,
> > 
> > We are moving all of our apps to be accessed solely via https, and I am
> > attempting to force this using haproxy.  We have many subdomains and
> > I was hoping to be able to do this with one acl and a redirect, but
> > it is looking like I need to put in a redirect per backend.
> > 
> > What works:
> > 
> >   frontend main
> >       bind *:80   name http
> >       bind 127.0.0.1:8443 name https # this is where stunnel forwards
> > 
> >       acl host_app1 hdr_beg(host) -i app1.example.com
> >       use_backend app1 if host_app1
> > 
> >       # ...
> >       # more acls and use clauses, one for each app
> >       # ...
> > 
> >       acl host_appN hdr_beg(host) -i appN.example.com
> >       use_backend appN if host_appN
> > 
> >   backend app1
> >      acl secure dst_port eq 8443
> >      server app1 10.10.25.106:80 check
> >      redirect prefix https://app1.example.com if !secure
> > 
> >   # ...
> >   # more backends, one for each app
> >   # ...
> > 
> >   backend appN
> >      acl secure dst_port eq 8443
> >      server appN 10.10.25.156:80 check
> >      redirect prefix https://appN.example.com if !secure
> > 
> > I was wondering if there is a way to have a simple rule in the frontend
> > that would do all the redirects for all the backends.  Something like:
> > 
> >   frontend main
> >       bind *:80 name http
> >       bind 127.0.0.1:8443 name https
> > 
> >       acl secure dst_port eq 8443
> >       redirect prefix PUT_SOMETHING_HERE_THAT_WORKS_FOR_ALL_SUBDOMAINS if !secure
> 
> Yes, there's an ugly way to do that. First you rewrite the host header
> to include "https://" in front of it, then you redirect with prefix
> "/" (which does not change anything). The redirect will then be performed
> on the concatenation of the new host header and the uri. In my opinion, it
> should work :
> 
>     reqirep ^Host:[\ ]*\(.*\)  Host:\ https://\1  if ! secure
>     redirect prefix /                             if ! secure
> 
> You can also put that in a specific backend, which will help you monitor
> the activity in the stats.

Thanks! I knew there was a solution out there.  

enjoy,

-jeremy

-- 
========================================================================
 Jeremy Hinegardner                              [email protected] 
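
The frontend-level rule described in the quoted reply, placed in context as an added example that is not part of the original thread or anyone's production config. It uses HAProxy 1.4-era directives; the `known_host` ACL, the `.example.com` suffix check and the `block` rule are assumptions added here so that only your own hostnames are ever reflected from the client-supplied Host header into the redirect target.

```haproxy
frontend main
    bind *:80           name http
    bind 127.0.0.1:8443 name https   # stunnel forwards decrypted traffic here

    # Requests that arrived through stunnel hit port 8443; everything else is plain HTTP.
    acl secure     dst_port eq 8443

    # Assumption: every app lives under .example.com. The Host header is
    # client-controlled, so only redirect when it names one of our own hosts.
    acl known_host hdr_end(host) -i .example.com

    # Plain-HTTP request with a foreign or missing Host: refuse it rather than
    # building a redirect target from it or passing it to a backend in clear text.
    block if !secure !known_host

    # Step 1: prepend the scheme to the Host header value. The capture group is
    # written unescaped here, as in the reqrep examples in the HAProxy manual.
    reqirep ^Host:[\ ]*(.*)   Host:\ https://\1   if !secure known_host

    # Step 2: "prefix /" leaves the path unchanged, so the redirect is built from
    # the rewritten Host value followed by the original URI.
    redirect prefix /                             if !secure known_host

    # Per-app routing is only reached by requests that came in on 8443.
    acl host_app1 hdr_beg(host) -i app1.example.com
    use_backend app1 if host_app1

backend app1
    server app1 10.10.25.106:80 check
```

With this in the frontend, the per-backend `acl secure` and `redirect prefix` lines from the original configuration are no longer needed.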

