Hi Cyril , Sorry for the brevity .
Haproxy IP = 172.17.25.100 ( fiction IP for clarity) Application server hostname = openamHost Application server IP = 172.17.25.101 Url for ssl offload access https://192.168.0.1/sso/Login Configured haproxy to ssl offload a tomcat based application running on port 8080 (OpenAm specifically). SSL offload happens , traffic is sent to port 8080 but the application sends a redirect URL in return as the following Problematic URL : http://172.17.25.99:80/sso/Login I used the following directive in the frontend of the haproxy configuration rspirep ^Location:\ http://(.*):80(.*) Location:\ http://172.17.25.100:8080\2 if { ssl_fc } Generic problem : Haproxy would capture i assumed the problematic URL and replace it with whatever happens to be "my custom URL"? Specific requirement: The application is wrongly sending the redirect URL , I would ideally want to capture any HTTP url and convert into HTTPS so that haproxy can again re-route it to port 8080 after decryption each time. Finally my simple requirement is to be able to control rewriting URLs at haproxy . haproxy.cfg frontend secured *:443 mode tcp SSL CERT BLAH BLAH rspirep ^Location:\ http://(.*):80(.*) Location:\ http://172.17.25.100:8080\2 if { ssl_fc } default_backend app #--------------------------------------------------------------------- # round robin balancing between the various backends #--------------------------------------------------------------------- backend app mode tcp balance roundrobin server app1 172.17.25.101:8080 check Hope i haven't complicated the problem this time :-) Regards Syed From: Cyril Bonté <[email protected]> Sent: Thu, 30 May 2013 01:15:45 To: "[email protected]" <[email protected]> Cc: "[email protected]" <[email protected]> Subject: Re: Haproxy issues with rspirep Hi Syed, Le 29/05/2013 21:12, [email protected] a æcopy;crit : > Hello, > > rspirep ^Location:\ http://(.*):80(.*) Location:\ https://\1:443\2 if { ssl_fc } > > The above works but the following doesn't (Location URL is unchanged ) why ? > > rspirep ^Location:\ http://(.*):80(.*) Location:\ http://172.17.25.100:8080\2 if { ssl_fc } There's a lack of details. One configuration line is not enough to understand what you want to achieve. It will be hard to help you. Can you explain your needs and provide your whole configuration (please remove any sensitive data, such as passwords, IPs, ...) ? Are you sure you really want the "ssl_fc" condition here ? > > > Reference : > http://blog.exceliance.fr/2013/02/26/ssl-offloading-impact-on-web-applications/ > > > Regards > Syed -- Cyril Bontæcopy;
