On 12.09.17 at 22:11, Markus Rietzler wrote:
> i have some acls in my haproxy.cfg.
> i want to do a http https redirection for some of my urls
>
>
> acl pathContent path_beg /foo /bar
> acl is_root path -i /
> redirect scheme https code 301 if redirect_neander pathContent
> redirect scheme https code 301 if redirect_neander is_root
>
> i sometimes see a "503 Service unavailable" error in my browser.
>
> this is a curl call to my server:
>
> curl -v http://www.server.de/foo
> * Trying 12.34.45.67...
> * TCP_NODELAY set
> * Connected to www.server.de (12.34.45.67) port 80 (#0)
> > GET /agb HTTP/1.1
> > Host: www.server.de
> > User-Agent: curl/7.54.0
> > Accept: */*
> >
> < HTTP/1.1 301 Moved Permanently
> < Content-length: 0
> < Location: https://www.server.de/foo
> <
> * Connection #0 to host www.neanderticket.de left intact
>
> and in my haproxy.log i see
>
> 77.88.99.11:34548 [12/Sep/2017:22:09:28.741] www www/<NOSRV> 0/-1/-1/-1/0
> 503 309 - - LR-- 34/22/0/0/0 0/0
> {www.server.de|curl/7.54.0} "GET /foo HTTP/1.1"\
>
> when accessed via iphone the page is redirected to ssl. then it is ok, all
> objects are loaded via ssl and the page is
> displayed ok. BUT i do get the 503 NOSRV error in the haproxy.log.
>
> i have several 503 errors in the logs. i am a little concerned that this is a
> real error and my users do see a 503 error
> page in the browser - at least sometimes.
>
>
> markus
>
>
if i use the acl in my frontend section i get the 503 if i use it in my backend
section there is no error...

with the redirect scheme rules in the backend section it seems to work pretty
good. now i get the log

77.88.99.11:48362 [12/Sep/2017:22:30:34.115] www lbwww/master 4/0/0/-1/4 301
97 - - LR-- 47/27/0/1/0 0/0
{www.server.de|curl/7.54.0} "HEAD /foo HTTP/1.1"\

even the tests with curl or my iphone do what they should. i see the 301 in my
haproxy.log, my iphone displays the page
the way it should (switched from http to https)

./sbin/haproxy -vv
HA-Proxy version 1.7.6 2017/06/16
Copyright 2000-2017 Willy Tarreau <[email protected]>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv
OPTIONS = USE_ZLIB=1 USE_OPENSSL=yes USE_LUA=1 USE_PCRE=yes
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"),
raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016
Running on OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.38 2015-11-23
Running on PCRE version : 8.38 2015-11-23
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with Lua version : Lua 5.3.1
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available filters :
[COMP] compression
[TRACE] trace
[SPOE] spoe
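
Added example, not part of the original post: a small triage script that separates the 503 entries discussed above by the first termination-state character, which the HAProxy logging documentation defines as "L" for sessions processed locally by haproxy (redirects, stats) rather than passed to a server. The first two sample lines are the two log entries from the post with their wrapped lines rejoined; the third is constructed, and the names LOG_RE, parse, classify and summarize are this example's own.

```python
import re
from collections import Counter

# HAProxy HTTP log line without the syslog prefix, as shown in the post.
LOG_RE = re.compile(
    r'(?P<client>\S+) \[(?P<date>[^\]]+)\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) (?P<timers>\S+) '
    r'(?P<status>\d{3}) (?P<bytes>\d+) \S+ \S+ (?P<state>\S{4}) '
    r'\S+ \S+ (?:\{[^}]*\} )?"(?P<request>[^"]*)"'
)

SAMPLE_LINES = [
    # From the post: redirect rule in the frontend section.
    '77.88.99.11:34548 [12/Sep/2017:22:09:28.741] www www/<NOSRV> 0/-1/-1/-1/0 '
    '503 309 - - LR-- 34/22/0/0/0 0/0 {www.server.de|curl/7.54.0} "GET /foo HTTP/1.1"',
    # From the post: redirect rule in the backend section.
    '77.88.99.11:48362 [12/Sep/2017:22:30:34.115] www lbwww/master 4/0/0/-1/4 '
    '301 97 - - LR-- 47/27/0/1/0 0/0 {www.server.de|curl/7.54.0} "HEAD /foo HTTP/1.1"',
    # Constructed: a 503 where a connection to a server was attempted and refused.
    '203.0.113.5:40000 [12/Sep/2017:22:31:00.000] www lbwww/<NOSRV> 0/-1/-1/-1/0 '
    '503 212 - - SC-- 10/5/0/0/0 0/0 {www.server.de|curl/7.54.0} "GET /bar HTTP/1.1"',
]

def parse(line):
    """Return the named fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(line):
    """Label a log line by who produced the response."""
    entry = parse(line)
    if entry is None:
        return "unparsed"
    if entry["state"][0] == "L":
        return "local"      # processed by haproxy itself (redirect, stats)
    if entry["status"] == "503" and entry["server"] == "<NOSRV>":
        return "no-server"  # 503 that was not a locally handled session
    return "forwarded"

def summarize(lines):
    """Count (status, label) pairs so each class of 503 can be tracked separately."""
    counts = Counter()
    for line in lines:
        entry = parse(line)
        counts[(entry["status"] if entry else None, classify(line))] += 1
    return counts

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LINES).items()):
        print(key, n)
```

Alerting on the `no-server` count instead of on every logged 503 keeps locally handled sessions such as the `LR--` entries above out of the error rate.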