so after looking at haproxy logs i noticed 2 things if i type www.xx.com there is 1 log entry
haproxy[26387]: xx.11.11.118:62704 [05/Mar/2014:22:48:02.264] http-in if-https/if1-app 10734/0/0/403/11137 200 10448 - - --VN 20/20/3/1/0 0/0 "GET / HTTP/1.1" but when i type xx.com i see 2 log entries, that means a url redirection is taking place? haproxy[26387]: xx.11.11.118:62681 [05/Mar/2014:22:48:50.075] http-in if-http/if1-app 15670/0/0/265/15935 301 342 - - --VN 17/17/0/1/0 0/0 "GET / HTTP/1.1" haproxy[26387]: xx.xx.xx.240:54320 [05/Mar/2014:22:48:51.271] http-in if-https/if1-app 14872/0/1/417/15290 200 10448 - - --VN 18/18/1/1/0 0/0 "GET / HTTP/1.1" some parts of my config file.. frontend http-in bind <public_ip>:80 name http bind <private_ip>:8000 name https # forwared by stunnel acl host_xx hdr(host) -i xx.com use_backend if-http if host_if default_backend if-https backend if-http acl secure dst_port eq 8000 acl login_page path_beg /exzact redirect prefix https://xx.com if login_page !secure On Wednesday, March 5, 2014 4:08 PM, Amol <mandm_z...@yahoo.com> wrote: Hi Neil, I tried something similar, by putting the servername and setting UseCanonicalName On... but what i observe is that when i access my website with just xx.com in the browser, it directs to https://www.xx.com but if i start fresh and access my website with www.xx.com and the next subsequent requests with xx.com always go to www.xx.com any clue? here is the apache default.conf <VirtualHost *:80> ServerAdmin webmaster@localhost ServerName www.xxx.com DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride All </Directory> <Directory /var/www/> setenv HTTPS on Options FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn ServerSignature Off UseCanonicalName On SetEnvIf Request_URI "^/check\.txt$" dontlog CustomLog /var/log/apache2/access.log combined env=!dontlog Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost> On Monday, March 3, 2014 5:16 AM, Neil - HAProxy List <maillist-hapr...@iamafreeman.com> wrote: Hello Amol Here is an example of the sort of thing I use The 3 important things for are ServerName https://servicename.domain.com:443 SetEnv HTTPS on UseCanonicalName On <VirtualHost *:8080> ServerName https://servicename.domain.com:443 ## Vhost docroot DocumentRoot /var/www/ ## Directories, there should at least be a declaration for /var/www <Directory /var/www> Options Indexes ExecCGI AllowOverride None Order allow,deny Allow from all </Directory> ## Logging LogLevel warn ServerSignature Off ## Custom fragment #### This tricks PHP into believing the script was accessed over SSL SetEnv HTTPS on DirectoryIndex index.php UseCanonicalName On ErrorLog "|/usr/bin/cronolog --link /var/log/apache2/servicename_error.log /var/log/apache2/%Y/servicename_error-%Y%m%d.log" LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" direct LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxied SetEnvIf Remote_Addr "^" direct # make it always set SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" !direct SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" proxied SetEnvIf Request_URI "^/healthcheck$" !direct # keep these SetEnvIf Request_URI "^/healthcheck$" !proxied CustomLog "|/usr/bin/cronolog --link /var/log/apache2/servicename_directaccess /var/log/apache2/%Y/servicename_directaccess-%Y%m%d.log" direct env=direct CustomLog "|/usr/bin/cronolog --link /var/log/apache2/servicename_access /var/log/apache2/%Y/servicename_access-%Y%m%d.log" proxied env=proxied </VirtualHost> I like to log traffic from the loadbal separately to traffic from the public and I ignore /healthcheck from the loadbal but not from others. You'll need to tell haproxy to "option forwardfor". Also using cronolog. Neil On 1 March 2014 15:27, Baptiste <bed...@gmail.com> wrote: Hi > >More chance to get an answer from Apache 2.2 and wordpress people... > >Baptiste > > >On Fri, Feb 28, 2014 at 4:12 PM, Amol <mandm_z...@yahoo.com> wrote: >> well the application behind haproxy in this case is wordpress on apache2.2, >> any settings there? >> >> >> >> >> On Friday, February 28, 2014 4:57 AM, Baptiste <bed...@gmail.com> wrote: >> It may not fix the issue. >> But at least the configuration will do what you expect from it... >> >> That said, the issue may be in the application too :) >> It is commonly seen that applications don't behave properly when SSL >> offloading is enabled in front of them. >> >> Baptiste >> >> >> On Thu, Feb 27, 2014 at 4:16 PM, Amol <mandm_z...@yahoo.com> wrote: >>> Thanks Baptiste, let me give that a try >>> >>> >>> >>> On Thursday, February 27, 2014 9:37 AM, Baptiste <bed...@gmail.com> wrote: >>> Hi Amol, >>> >>> There are a few improvement you can do. >>> First update your frontend acl to: >>> acl host_xx hdr(host) -i xx.com >>> >>> then in your backend, this ACL should never match: "acl login_page >>> url_beg /xyz" >>> replace url_beg by path_beg. >>> >>> Your problem is not there as well. >>> I think your application server is sending hardcoded data or Location >>> headers. >>> analyzing the body of the pages and HAProxy logs may help here. >>> >>> Baptiste >>> >>> >>> >>> On Tue, Feb 25, 2014 at 4:56 PM, Amol <mandm_z...@yahoo.com> wrote: >>>> Hi i am using HA-Proxy version 1.4.12 and i have an issue trying to >>>> redirect >>>> my website to "http" >>>> requirement : when a user types in http://<website_name>.com he should >>>> not >>>> be redirected to https://<website_name>.com >>>> currently it does that and some of the video links on our main page do >>>> not >>>> work (basically vimeo has http links while our page is https so it throws >>>> a >>>> security exception) >>>> >>>> at the same time we need users with http://<website_name>.com/xyz to be >>>> redirected to https://<website_name>.com/xyz (this helps users login to >>>> secure application) >>>> >>>> so under my current configurations i cannot get the first part to work, >>>> basically (www.<website_name>.com works and stays http but when i type >>>> http://<website_name>.com it does a redirection to https) >>>> >>>> frontend http-in >>>> bind xx.xx.xx.xx:80 name http >>>> bind 10.xx.xx.xx:8000 name https # forwared by stunnel >>>> >>>> acl host_xx hdr_beg(host) -i xx.com >>>> use_backend xx-http if host_xx >>>> default_backend xx-https >>>> >>>> backend xx-http >>>> balance roundrobin >>>> cookie BALANCEID insert indirect nocache >>>> option http-server-close >>>> option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www >>>> server xx-app1 xx.xx.xx.xx:80 cookie A check >>>> server xx-app6 xx.xx.xx.xx:80 cookie B check backup >>>> acl secure dst_port eq 8000 >>>> acl login_page url_beg /xyz >>>> redirect prefix https://xx.com if login_page !secure >>>> >>>> backend xx-https >>>> mode http >>>> balance roundrobin >>>> cookie BALANCEID insert indirect nocache >>>> option http-server-close >>>> # option forwardfor except 127.0.0.1 >>>> option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www >>>> server xx-app1 xx.xx.xx.xx:80 cookie s1 weight 1 maxconn 5000 >>>> check >>>> server xx-app6 xx.xx.xx.xx:80 cookie s2 weight 1 maxconn 5000 >>>> check >>>> backup >>>> >>>> any suggestions? >>>> >>> >>> >>> >> >> >> > >