So far, I used the following method. acl is_for_remail path_reg ^/Microsoft-Server-ActiveSync use_backend bk_remail_cert if is_for_remail
On Sun, Aug 16, 2015 at 10:58 PM Roman Gelfand <[email protected]> wrote: > Thanks for your help. So, it appears that in certain instances a POST is > done using relative path or URN. The question is how do I tell haproxy > that this is related to the original url that is found on the certificate. > Meaning, this part I need to change so that the forwarding is done based > on CN in certificate. Or, perhaps, there is another way to do it. > use_backend bk_remail_cert if { ssl_fc_sni remail.mydomain.com } # > content switching based on SNI > > > > On Thu, Aug 13, 2015 at 12:21 AM Jeff Palmer <[email protected]> wrote: > >> The <NOSRV> in the logs you posted, means that haproxy doesn't believe >> there is a server available on the backend to fulfull the request. >> >> The first request hits the bk_remail_cert backend, but the next two >> requests don't, my guess is that the requests don't match your >> "use_backend" requirements, and you don't have a default_backend set >> for the request to fall through. thus, the <NOSRV> logs. >> >> >> >> >> On Wed, Aug 12, 2015 at 10:58 PM, Roman Gelfand <[email protected]> >> wrote: >> > I am not seeing a response to the following post. The apache backend >> server >> > show now trace of the post request, below. >> > >> > Aug 12 22:43:43 localhost haproxy[15606]: 38.105.236.253:59539 >> > [12/Aug/2015:22:43:12.935] farm_test_ssl~ bk_remail_cert/remail >> > 26582/0/1/3530/30113 200 1229 - - ---- 1/1/0/0/0 0/0 "POST >> > /services/ajax.php/imp/poll HTTP/1.1" >> > Aug 12 22:43:44 localhost haproxy[15606]: 107.107.59.175:29935 >> > [12/Aug/2015:22:43:44.289] farm_test_ssl~ farm_test_ssl/<NOSRV> >> > -1/-1/-1/-1/86 503 212 - - SC-- 1/1/0/0/0 0/0 "POST >> > /Microsoft-Server-ActiveSync?Cmd=Sync&User=ruser%40mydomain.com >> &DeviceId=SEC15CCC18A02315&DeviceType=SAMSUNGSMG900A >> > HTTP/1.1" >> > Aug 12 22:43:57 localhost haproxy[15606]: 107.107.59.175:17798 >> > [12/Aug/2015:22:43:57.550] farm_test_ssl~ farm_test_ssl/<NOSRV> >> > -1/-1/-1/-1/88 503 212 - - SC-- 1/1/0/0/0 0/0 "POST >> > /Microsoft-Server-ActiveSync?Cmd=Sync&User=ruser%40mydomain.com >> &DeviceId=SEC15CCC18A02315&DeviceType=SAMSUNGSMG900A >> > HTTP/1.1" >> > >> > >> > this is the front-end back-end configuration >> > >> > frontend farm_test_ssl >> > mode http >> > bind 0.0.0.0:443 ssl crt crt /etc/ssl/certs/remail.pem >> > use_backend bk_remail_cert if { ssl_fc_sni remail.mydomain.com } # >> content >> > switching based on SNI >> > >> > backend bk_remail_cert >> > mode http >> > server remail 192.168.8.166:80 check >> > http-request set-header X-Forwarded-Proto https if { ssl_fc } >> > >> > >> > >> > On Wed, Aug 12, 2015 at 5:12 PM Jeff Palmer <[email protected]> wrote: >> >> >> >> Describing the issues you think it's causing fire haproxy would also be >> >> helpful. >> >> >> >> On Aug 12, 2015 4:37 PM, "Baptiste" <[email protected]> wrote: >> >>> >> >>> On Wed, Aug 12, 2015 at 6:34 PM, Roman Gelfand <[email protected]> >> >>> wrote: >> >>> > Why would the following apache directives cause problems for >> haproxy. >> >>> > >> >>> > RewriteRule ^/Microsoft-Server-ActiveSync /rpc.php >> >>> > [PT,L,QSA] >> >>> > RewriteRule .* - >> >>> > [E=HTTP_MS_ASPROTOCOLVERSION:%{HTTP:Ms-Asprotocolversion}] >> >>> > RewriteRule .* - >> >>> > [E=HTTP_X_MS_POLICYKEY:%{HTTP:X-Ms-Policykey}] >> >>> > RewriteRule .* - >> >>> > [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] >> >>> > >> >>> > Thanks in advance >> >>> >> >>> >> >>> First, you say 'hi' >> >>> >> >>> Second, you explain your problem and whayt those apache rules are >> >>> supposed to do, what type of application are they applied to and how >> >>> this application is supposed to work. >> >>> >> >>> Without a bit of context, it is impossible to help! >> >>> >> >>> Baptiste >> >>> >> > >> >> >> >> -- >> Jeff Palmer >> https://PalmerIT.net >> >
