Hi Neil,
I tried something similar, by putting the servername and setting 
UseCanonicalName On...
but what i observe is that when i access my website with just xx.com in the 
browser, it directs to https://www.xx.com

but if i start fresh and access my website with www.xx.com and the next 
subsequent requests with xx.com always go to www.xx.com


any clue?


here is the apache default.conf

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName  www.xxx.com

    DocumentRoot /var/www
    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>
    <Directory /var/www/>
        setenv HTTPS on
        Options FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog /var/log/apache2/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn
    ServerSignature Off
    UseCanonicalName On

    SetEnvIf Request_URI "^/check\.txt$" dontlog
    CustomLog /var/log/apache2/access.log combined env=!dontlog

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>





On Monday, March 3, 2014 5:16 AM, Neil - HAProxy List 
<maillist-hapr...@iamafreeman.com> wrote:
 
Hello Amol


Here is an example of the sort of thing I use


The 3 important things for are
  ServerName https://servicename.domain.com:443
  SetEnv HTTPS on
  UseCanonicalName On



<VirtualHost *:8080>
  ServerName https://servicename.domain.com:443

  ## Vhost docroot
  DocumentRoot /var/www/

  ## Directories, there should at least be a declaration for /var/www

  <Directory /var/www>
    Options Indexes ExecCGI
    AllowOverride None
    Order allow,deny
    Allow from all
  </Directory>

  ## Logging
  LogLevel warn
  ServerSignature Off


  ## Custom fragment
####    This tricks PHP into believing the script was accessed over SSL
  SetEnv HTTPS on

  DirectoryIndex index.php
  UseCanonicalName On

  ErrorLog "|/usr/bin/cronolog --link /var/log/apache2/servicename_error.log 
/var/log/apache2/%Y/servicename_error-%Y%m%d.log"

  LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" 
direct 
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" 
\"%{User-Agent}i\"" proxied
  SetEnvIf Remote_Addr "^" direct # make it always set
  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" !direct
  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" proxied
  SetEnvIf Request_URI "^/healthcheck$" !direct

  # keep these SetEnvIf Request_URI "^/healthcheck$" !proxied
  CustomLog "|/usr/bin/cronolog --link 
/var/log/apache2/servicename_directaccess 
/var/log/apache2/%Y/servicename_directaccess-%Y%m%d.log" direct env=direct
  CustomLog "|/usr/bin/cronolog --link /var/log/apache2/servicename_access 
/var/log/apache2/%Y/servicename_access-%Y%m%d.log" proxied env=proxied

</VirtualHost>


I like to log traffic from the loadbal separately to traffic from the public 
and I ignore /healthcheck from the loadbal but not from others.  You'll need to 
tell haproxy to "option forwardfor". Also using cronolog.


Neil




On 1 March 2014 15:27, Baptiste <bed...@gmail.com> wrote:

Hi
>
>More chance to get an answer from Apache 2.2 and wordpress people...
>
>Baptiste
>
>
>On Fri, Feb 28, 2014 at 4:12 PM, Amol <mandm_z...@yahoo.com> wrote:
>> well the application behind haproxy in this case is wordpress on apache2.2,
>> any settings there?
>>
>>
>>
>>
>> On Friday, February 28, 2014 4:57 AM, Baptiste <bed...@gmail.com> wrote:
>> It may not fix the issue.
>> But at least the configuration will do what you expect from it...
>>
>> That said, the issue may be in the application too :)
>> It is commonly seen that applications don't behave properly when SSL
>> offloading is enabled in front of them.
>>
>> Baptiste
>>
>>
>> On Thu, Feb 27, 2014 at 4:16 PM, Amol <mandm_z...@yahoo.com> wrote:
>>> Thanks Baptiste, let me give that a try
>>>
>>>
>>>
>>> On Thursday, February 27, 2014 9:37 AM, Baptiste <bed...@gmail.com> wrote:
>>> Hi Amol,
>>>
>>> There are a few improvement you can do.
>>> First update your frontend acl to:
>>>  acl host_xx hdr(host) -i xx.com
>>>
>>> then in your backend, this ACL should never match: "acl login_page
>>> url_beg  /xyz"
>>> replace url_beg by path_beg.
>>>
>>> Your problem is not there as well.
>>> I think your application server is sending hardcoded data or Location
>>> headers.
>>> analyzing the body of the pages and HAProxy logs may help here.
>>>
>>> Baptiste
>>>
>>>
>>>
>>> On Tue, Feb 25, 2014 at 4:56 PM, Amol <mandm_z...@yahoo.com> wrote:
>>>> Hi i am using HA-Proxy version 1.4.12 and i have an issue trying to
>>>> redirect
>>>> my website to "http"
>>>> requirement : when a user types in http://<website_name>.com he should
>>>> not
>>>> be redirected to https://<website_name>.com
>>>> currently it does that and some of the video links on our main page do
>>>> not
>>>> work (basically vimeo has http links while our page is https so it throws
>>>> a
>>>> security exception)
>>>>
>>>> at the same time we need users with http://<website_name>.com/xyz to be
>>>> redirected to https://<website_name>.com/xyz (this helps users login to
>>>> secure application)
>>>>
>>>> so under my current configurations i cannot get the first part to work,
>>>> basically (www.<website_name>.com works and stays http but when i type
>>>> http://<website_name>.com it does a redirection to https)
>>>>
>>>> frontend http-in
>>>>        bind xx.xx.xx.xx:80 name http
>>>>        bind 10.xx.xx.xx:8000 name https # forwared by stunnel
>>>>
>>>>        acl host_xx hdr_beg(host) -i xx.com
>>>>        use_backend xx-http if host_xx
>>>>        default_backend xx-https
>>>>
>>>> backend xx-http
>>>>        balance roundrobin
>>>>        cookie BALANCEID insert indirect nocache
>>>>        option http-server-close
>>>>        option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www
>>>>        server xx-app1 xx.xx.xx.xx:80 cookie A check
>>>>        server xx-app6 xx.xx.xx.xx:80 cookie B check backup
>>>>        acl secure dst_port eq 8000
>>>>        acl login_page url_beg  /xyz
>>>>        redirect prefix https://xx.com if login_page !secure
>>>>
>>>> backend xx-https
>>>>        mode http
>>>>        balance roundrobin
>>>>        cookie BALANCEID insert indirect nocache
>>>>        option http-server-close
>>>>        # option forwardfor except 127.0.0.1
>>>>        option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www
>>>>        server xx-app1 xx.xx.xx.xx:80 cookie s1 weight 1 maxconn 5000
>>>> check
>>>>        server xx-app6 xx.xx.xx.xx:80 cookie s2 weight 1 maxconn 5000
>>>> check
>>>> backup
>>>>
>>>> any suggestions?
>>>>
>>>
>>>
>>>
>>
>>
>>
>
>

Reply via email to