Hi,
On 03/11/13 20:58, David Coulson wrote:
> I am trying to setup HAProxy as a reverse-proxy for a nasty application that
> really wants the Host: header on the backend request to match the hostname of
> the backend system - It's a off-the-shelf app, so there is no opportunity to
> make modifications to this.
>
> So far I've got a rspirep to strip out 301/302 Location headers and put in
> the HAProxy instance hostname, but on the backend I still have to replace
> Host: with the backend server name. With only one backend server and a hard
> coded reqirep header it works, however somehow I need a per-server reqirep
> substitution.
As you allready noticed, you cant do that directly.
> Other option would be to define to separate backends and balance between
> those, but not sure how to do that either.
Yes thats right. But normally you cant balance of multiple backends,
except you play with proxy chainging.
> Here is relevant part of my haproxy.cfg:
>
> global
> user haproxy
> group haproxy
> log 127.0.0.1 local2
> daemon
> stats socket /var/run/haproxy.stat mode 600 level admin
> maxconn 40000
> ulimit-n 81000
> chroot /var/lib/haproxy
> pidfile /var/run/haproxy.pid
> crt-base /etc/haproxy/ssl
>
> backend console-selfservice
> reqirep ^Host Host:\ rhesprodapp01.domain.com:7004
> server rhesprodapp01 10.250.52.216:7004 check ssl
> # server rhesprodapp02 10.250.52.217:7004 check ssl
>
>
> frontend myapp
> timeout client 86400000
> mode http
> option httpclose
> option forwardfor
> balance source
> bind :443 ssl crt domain.com.crt ciphers
> ECDHE-RSA-AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
> default_backend console-selfservice
> rspirep ^Location:\s*https://([^/]*)/(.*)$ Location:\
> https://myapp.domain.com/\2
>
>
> Any suggestions?
Ive created a config, that hopefully shows you the right direction.
---snipp---
global
maxconn 65000
ulimit-n 65535
uid 0
gid 0
daemon
stats socket /var/run/haproxy.stat level admin
nbproc 1
defaults
maxconn 40000
retries 10
option redispatch
option http-server-close
option forceclose
option tcp-smart-accept
option tcp-smart-connect
contimeout 15s
clitimeout 30s
srvtimeout 60s
listen app1
bind :8080
mode http
maxconn 200
stats enable
stats uri /
frontend www-80
bind :80
mode http
option accept-invalid-http-request
reqidel ^X-Forwarded-For:.*
maxconn 20000
option forwardfor
default_backend be_default
frontend fe_01
bind 127.0.0.1:81 accept-proxy id 1
mode http
reqirep ^Host:\ Host:\ one
option forwardfor
default_backend be_01
frontend fe_02
bind 127.0.0.1:82 accept-proxy id 2
mode http
option forwardfor
reqirep ^Host:\ Host:\ two
default_backend be_02
backend be_01
balance roundrobin
mode http
server 01 172.18.4.39:80 check maxconn 10 id 01
backend be_02
balance roundrobin
mode http
server 02 172.18.4.41:80 check maxconn 10 id 02
backend be_default
balance roundrobin
mode http
server 01 127.0.0.1:81 track be_01/01 send-proxy maxconn 10
server 02 127.0.0.1:82 track be_02/02 send-proxy maxconn 10
--snipp--
> David
>
thomas
