Yes http it is in my config too and not tcp (away from my server, hence 
sent an unedited config for your quick reference) - apologies.

From: David Coulson <[email protected]>
Sent: Thu, 30 May 2013 02:10:35 
To: [email protected]
Cc: "Cyril Bonté" <[email protected]>, "[email protected]" <[email protected]>
Subject: Re: Haproxy issues with rspirep
 Does rspirep work with tcp? Does it not need to be using HTTP mode?

David


On May 29, 2013, at 4:28 PM, [email protected] wrote:

Hi Cyril,

Sorry for the brevity.

Haproxy IP = 172.17.25.100 (fiction IP for clarity)
Application server hostname = openamHost
Application server IP = 172.17.25.101
Url for ssl offload access https://192.168.0.1/sso/Login

Configured haproxy to ssl offload a tomcat based application running on port 
8080 (OpenAm specifically).

SSL offload happens, traffic is sent to port 8080 but the application sends a 
redirect URL in return as the following:

Problematic URL: http://172.17.25.99:80/sso/Login


I used the following directive in the frontend of the haproxy configuration


rspirep ^Location:\ http://(.*):80(.*)  Location:\  if { ssl_fc }


Generic problem: Haproxy would capture, I assumed, the problematic URL and 
replace it with whatever happens to be "my custom url"?

Specific requirement: The application is wrongly sending the redirect URL, 
I would ideally want to capture any HTTP URL and convert it into 
HTTPS so that haproxy can again re-route it to port 8080 after decryption each 
time.

Finally, my simple requirement is to be able to control rewriting URLs at 
haproxy.


haproxy.cfg

 if { ssl_fc }

 default_backend      app

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
    mode  tcp
    balance roundrobin
    server  app1 172.17.25.101:8080 check

Hope I haven't complicated the problem this time :-)


Regards
Syed 






From: Cyril Bonté  if { ssl_fc }



There's a lack of details. One configuration line is not enough to 
understand what you want to achieve. It will be hard to help you.

Can you explain your needs and provide your whole configuration (please 
remove any sensitive data, such as passwords, IPs, ...)?

Are you sure you really want the "ssl_fc" condition here?

>
> Reference:
> http://blog.exceliance.fr/2013/02/26/ssl-offloading-impact-on-web-applications/
>
> Regards
> Syed




-- 
Cyril Bonté
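
For reference, a minimal HTTP-mode layout in which the rule discussed in this thread can take effect, as an added example that is not part of the original messages. The frontend name `main`, the certificate path, the timeouts and the `https://\1:443\2` replacement string are assumptions (the replacement is missing from the quoted line); the backend address is the one given in the thread.

```haproxy
# Added example, not from the thread. Header rules such as rspirep are only
# evaluated when the proxy runs in HTTP mode; in "mode tcp" the response is
# passed through as opaque bytes and the Location header is never inspected.
defaults
    mode    http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend main
    # TLS is terminated here. /etc/haproxy/site.pem is a placeholder path.
    bind :443 ssl crt /etc/haproxy/site.pem

    # The backend builds its redirect from the clear-text connection it sees,
    # e.g. "Location: http://172.17.25.99:80/sso/Login". For clients that
    # arrived over TLS (ssl_fc), rewrite scheme and port so the browser is not
    # sent back to plain HTTP. \1 keeps the host, \2 keeps the path.
    # The replacement string is an assumption (elided in the thread).
    rspirep ^Location:\ http://(.*):80(.*) Location:\ https://\1:443\2 if { ssl_fc }

    default_backend app

backend app
    mode    http
    balance roundrobin
    server  app1 172.17.25.101:8080 check
```

With this rule the sample redirect becomes `Location: https://172.17.25.99:443/sso/Login`; the host part is kept as the application sent it. HAProxy 2.1 and later removed `rspirep`, and the same rewrite is expressed there with `http-response replace-header`.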

  
