Thanks Baptiste, let me give that a try
On Thursday, February 27, 2014 9:37 AM, Baptiste <bed...@gmail.com> wrote: Hi Amol, There are a few improvement you can do. First update your frontend acl to: acl host_xx hdr(host) -i xx.com then in your backend, this ACL should never match: "acl login_page url_beg /xyz" replace url_beg by path_beg. Your problem is not there as well. I think your application server is sending hardcoded data or Location headers. analyzing the body of the pages and HAProxy logs may help here. Baptiste On Tue, Feb 25, 2014 at 4:56 PM, Amol <mandm_z...@yahoo.com> wrote: > Hi i am using HA-Proxy version 1.4.12 and i have an issue trying to redirect > my website to "http" > requirement : when a user types in http://<website_name>.com he should not > be redirected to https://<website_name>.com > currently it does that and some of the video links on our main page do not > work (basically vimeo has http links while our page is https so it throws a > security exception) > > at the same time we need users with http://<website_name>.com/xyz to be > redirected to https://<website_name>.com/xyz (this helps users login to > secure application) > > so under my current configurations i cannot get the first part to work, > basically (www.<website_name>.com works and stays http but when i type > http://<website_name>.com it does a redirection to https) > > frontend http-in > bind xx.xx.xx.xx:80 name http > bind 10.xx.xx.xx:8000 name https # forwared by stunnel > > acl host_xx hdr_beg(host) -i xx.com > use_backend xx-http if host_xx > default_backend xx-https > > backend xx-http > balance roundrobin > cookie BALANCEID insert indirect nocache > option http-server-close > option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www > server xx-app1 xx.xx.xx.xx:80 cookie A check > server xx-app6 xx.xx.xx.xx:80 cookie B check backup > acl secure dst_port eq 8000 > acl login_page url_beg /xyz > redirect prefix https://xx.com if login_page !secure > > backend xx-https > mode http > balance roundrobin > cookie BALANCEID insert indirect nocache > option http-server-close > # option forwardfor except 127.0.0.1 > option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www > server xx-app1 xx.xx.xx.xx:80 cookie s1 weight 1 maxconn 5000 check > server xx-app6 xx.xx.xx.xx:80 cookie s2 weight 1 maxconn 5000 check > backup > > any suggestions? >
