Hi. Looks like there is some confusion about your question. Let me try to summarize what I think that you could mean.
Am 08.05.2018 um 16:22 schrieb UPPALAPATI, PRAVEEN: > Hi Aleks, > > Sorry I missed the group. > > My Full Config: > > #--------------------------------------------------------------------- > # Example configuration for a possible web application. See the > # full configuration options online. > # > # http://haproxy.1wt.eu/download/1.3/doc/configuration.txt This should be https://www.haproxy.org/download/1.8/doc/configuration.txt or https://cbonte.github.io/haproxy-dconv/1.8/configuration.html > #--------------------------------------------------------------------- > > #--------------------------------------------------------------------- > # Global settings > #--------------------------------------------------------------------- > global > log 127.0.0.1:514 local0 info alert > log 127.0.0.1:514 local2 info alert > maxconn 20000 > user haproxy > group haproxy > daemon > nbthread 4 > ssl-server-verify none > > tune.ssl.default-dh-param 2048 > > > > #--------------------------------------------------------------------- > # common defaults that all the 'listen' and 'backend' sections will > # use if not designated in their block > #--------------------------------------------------------------------- > defaults > > log global > mode http > option dontlognull > rate-limit sessions 6000 > timeout connect 300000 # default 10 second time out if a backend is not > found The comment is not true. The current timeout is 300s https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#2.4 > timeout client 6600000 > timeout server 6600000 This is 110m ~ 1.8 hours > option http-server-close > maxconn 20000 > retries 3 > > > listen http_proxy-1000 > bind *:1000 > mode http > option httplog > http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri] > option http_proxy > #--------------------------------------------------------------------- I miss here the server line. > I also tried : > > listen http_proxy-1000 > bind *:1000 ssl crt certs.pem > mode http > option httplog > http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri] > option http_proxy Same here. I tried also both configs and have the same result '<NOSRV>' as you have. Your line >> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1" >> My Test ### May 8 22:52:54 app001 haproxy[5141]: Proxy http_proxy-1000 started. May 8 22:52:59 app001 haproxy[5141]: 127.0.0.1:52046 [08/May/2018:22:52:59.177] http_proxy-1000 http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0 "GET /test/test.txt?Host=www.google.com:80 HTTP/1.1" ### I think that the you need at least ONE server line. I assume you want to set the destination server dynamically based on the query parameter 'Host|idnsredirHost|redirHost', it's not clear which parameter you want, as Shawn mentioned. Maybe you can take a look into the following links. https://discourse.haproxy.org/t/dynamic-server-selection/149/2 https://www.egnyte.com/blog/2017/04/dynamic-backends-in-haproxy-with-lua/ Is this what you need? >> HAProxy Version : > > //opt/app/haproxy/sbin/haproxy -vv > HA-Proxy version 1.8.4-1deb90d 2018/02/08 [snipp] >> Was the acl below helpfull? > Yes and also wanted to know if there is a way to print o/p of : hdr_beg(host) > for debug purposes You can capture the host header the captured one will be displayed in the logs. I don't think that you only can get the result of `hdr_beg(host)` easily, maybe I'm wrong. https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-capture%20request%20header Config: ``` capture request header Host len 15 ``` ``` ubuntu@app001:~$ curl -v 'http://localhost:1000/test/test.txt?Host=www.google.com:80' * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 1000 (#0) > GET /test/test.txt?Host=www.google.com:80 HTTP/1.1 > Host: localhost:1000 > User-Agent: curl/7.47.0 > Accept: */* > * HTTP 1.0, assume close after body < HTTP/1.0 400 Bad request < Cache-Control: no-cache < Connection: close < Content-Type: text/html < <html><body><h1>400 Bad request</h1> Your browser sent an invalid request. </body></html> * Closing connection 0 ubuntu@app001:~$ fg sudo tail -f /var/log/haproxy.log May 8 23:37:54 app001 haproxy[8804]: Proxy http_proxy-1000 started. May 8 23:37:58 app001 haproxy[8804]: 127.0.0.1:35988 [08/May/2018:23:37:58.074] http_proxy-1000 http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0 {localhost:1000} "GET /test/test.txt?Host=www.google.com:80 HTTP/1.1" ``` Best regards Aleks > Thanks, > Praveen. > > -----Original Message----- > From: Aleksandar Lazic [mailto:[email protected]] > Sent: Tuesday, May 08, 2018 7:40 AM > To: UPPALAPATI, PRAVEEN <[email protected]>; [email protected] > Subject: Re: 502 Bad Gateway > > Hi. > > Please post only to the mailing list, thanks. > Please keep the mailinglist in the mail loop => "Answer all". > > Am 08.05.2018 um 07:25 schrieb UPPALAPATI, PRAVEEN: >> Hi Haproxy-Team, >> >> I have the following configuration: >> >> listen http_proxy-1000 >> bind *:1000 >> mode http >> option httplog >> http-request set-uri >> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e= >> >> option http_proxy > > This isn't the whole config, isn't it? > > The 'url_param' does not match the request below, afais. > > Please can you answer the following questions. > > Which HAProxy Version do you use? > What's the whole HAProxy config? > Was the acl below helpfull? > > Regards > Aleks > >> If I issue a request to that port : >> >> https://<haproxyHost>:1000 >> /test/test.txt?Host=<desthost>:8093 >> >> I get <BadReq> >> >> If I add ssl termination to the config: >> >> listen http_proxy-1000 >> bind *:1000 ssl test.pem >> mode http >> option httplog >> http-request set-uri >> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e= >> >> option http_proxy >> >> >> I get : >> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET >> /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1" >> >> I have also set : >> >> ssl-server-verify none >> >> @global still no luck. >> >> Let me know if I am missing anything . >> >> Thanks, >> Praveen. >> >> >> -----Original Message----- >> From: Aleksandar Lazic [mailto:[email protected]] >> Sent: Tuesday, May 01, 2018 7:22 AM >> To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]> >> Cc: Olivier Houchard <[email protected]>; [email protected] >> Subject: Re: Logging Question >> >> Hi. >> >> Am 30.04.2018 um 19:05 schrieb UPPALAPATI, PRAVEEN: >>> >>> Hi Willy/Oliver, >>> >>> One small question: >>> >>> When I capture the header it's returning xxxx.com in the log but when I >>> perform Get on xxxx.com:1000 it is not matching the following configuration. >>> >>> frontend http-1000 >>> bind *:1000 >>> option httplog >>> capture request header Host len 20 >>> acl is_east hdr(host) -i xxxx.com >> >> Maybe this helps? >> >> acl is_east hdr_beg(host) -i xxxx.com >> >>> use_backend east_bk_1000_read if is_east >>> >>> My question is how can I print o/p of hdr(host) & is_east to log? >>> >>> Appreciate your help. >>> >>> Thanks, >>> Praveen. >> >> Regards >> Aleks >> >
