Does rspirep work with tcp? Does it not need to be using HTTP mode? David
On May 29, 2013, at 4:28 PM, [email protected] wrote: > Hi Cyril , > > Sorry for the brevity . > > Haproxy IP = 172.17.25.100 ( fiction IP for clarity) > Application server hostname = openamHost > Application server IP = 172.17.25.101 > Url for ssl offload access https://192.168.0.1/sso/Login > > Configured haproxy to ssl offload a tomcat based application running on port > 8080 (OpenAm specifically). > > SSL offload happens , traffic is sent to port 8080 but the application sends > a redirect URL in return as the following > > Problematic URL : http://172.17.25.99:80/sso/Login > > > I used the following directive in the frontend of the haproxy configuration > > > rspirep ^Location:\ http://(.*):80(.*) Location:\ > http://172.17.25.100:8080\2 if { ssl_fc } > > > Generic problem : Haproxy would capture i assumed the problematic URL and > replace it with whatever happens to be "my custom URL"? > > > Specific requirement: The application is wrongly sending the redirect URL , > I would ideally want to capture any HTTP url and convert into > HTTPS so that haproxy can again re-route it to port 8080 after decryption > each time. > > Finally my simple requirement is to be able to control rewriting URLs at > haproxy . > > > haproxy.cfg > > frontend secured *:443 > mode tcp > SSL CERT BLAH BLAH > > rspirep ^Location:\ http://(.*):80(.*) Location:\ > http://172.17.25.100:8080\2 if { ssl_fc } > > default_backend app > > #--------------------------------------------------------------------- > # round robin balancing between the various backends > #--------------------------------------------------------------------- > backend app > mode tcp > balance roundrobin > server app1 172.17.25.101:8080 check > > > Hope i haven't complicated the problem this time :-) > > > Regards > Syed > > > > > > > From: Cyril Bonté <[email protected]> > Sent: Thu, 30 May 2013 01:15:45 > To: "[email protected]" <[email protected]> > Cc: "[email protected]" <[email protected]> > Subject: Re: Haproxy issues with rspirep > Hi Syed, > > Le 29/05/2013 21:12, [email protected] a æcopy;crit : > > Hello, > > > > rspirep ^Location:\ http://(.*):80(.*) Location:\ https://\1:443\2 if { > > ssl_fc } > > > > The above works but the following doesn't (Location URL is unchanged ) why ? > > > > rspirep ^Location:\ http://(.*):80(.*) Location:\ > > http://172.17.25.100:8080\2 if { ssl_fc } > > There's a lack of details. One configuration line is not enough to > understand what you want to achieve. It will be hard to help you. > > Can you explain your needs and provide your whole configuration (please > remove any sensitive data, such as passwords, IPs, ...) ? > > Are you sure you really want the "ssl_fc" condition here ? > > > > > > > Reference : > > http://blog.exceliance.fr/2013/02/26/ssl-offloading-impact-on-web-applications/ > > > > > > Regards > > Syed > > > -- > Cyril Bontæcopy;
