Hi Praveen.

On 15.05.2018 at 16:28, UPPALAPATI, PRAVEEN wrote:
> Hi Alek/Haproxy Team,
>
> Any other way to effectively get the https proxy working ?
>
> Currently we are manually adding servers which is putting a limit to get the
> dynamic nature.

Not with haproxy out of the box afaik, maybe you can use some lua-scripts.

> Thanks,
> Praveen.

Regards
Aleks

> -----Original Message-----
> From: Aleksandar Lazic [mailto:[email protected]]
> Sent: Wednesday, May 09, 2018 6:38 AM
> To: UPPALAPATI, PRAVEEN <[email protected]>
> Cc: [email protected]; SIVANANDHAM, THANIGAIVEL <[email protected]>
> Subject: Re: 502 Bad Gateway
>
> Hi Praveen.
>
> On 09-05-2018 00:25, UPPALAPATI, PRAVEEN wrote:
>> Hi Aleks,
>>
>> Thanks for the info.
>>
>> Some of the default config we corrected in the prod.
>>
>> Let me clarify for you what's working and what's not working for us with
>> option http-proxy
>>
>> Config:
>>
>> listen http_proxy-1000
>>     bind *:1000
>>     mode http
>>     option httplog
>>     http-request set-uri http://%[url_param(redirHost)]%[capture.req.uri]
>>
>>     option http_proxy
>>
>> reqUrl :
>> http://<haproxyhost>:1000/test/health.txt?redirHost:<destinationServer>:<port>
>>
>> this gets converted to:
>>
>> http://
>> <destinationServer>:<port>/test/health.txt?redirHost:<destinationServer>:<port>
>
> With blank or without blank?
>
>> This config in the log still says <noserv> but option http_proxy will
>> route to the updated url and I get 200 OK
>>
>> this is our intended behavior and works fine
>
> Cool. Then the '<NOSRV>' is a little bit misleading, at least for me.
>
>> What's not working for us is if we have to do this for https
>>
>> listen http_proxy-1000
>>     bind *:1000 ssl test.pem
>>     mode http
>>     option httplog
>>     http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
>>
>>     option http_proxy
>>
>> Hope this helps.
>
> Yes.
>
> In the doc only the 'http://' schema is mentioned, I'm not sure if https
> should work.
> https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-option%20http_proxy
>
>
> Sorry for the rush but I can't answer this question.
>
>> Thanks,
>> Praveen.
>
> Best regards
> Aleks
>
>> -----Original Message-----
>> From: Aleksandar Lazic [mailto:[email protected]]
>> Sent: Tuesday, May 08, 2018 4:55 PM
>> To: UPPALAPATI, PRAVEEN <[email protected]>; [email protected]
>> Subject: 502 Bad Gateway
>>
>> Hi.
>>
>> Looks like there is some confusion about your question.
>> Let me try to summarize what I think that you could mean.
>>
>> On 08.05.2018 at 16:22, UPPALAPATI, PRAVEEN wrote:
>>> Hi Aleks,
>>>
>>> Sorry I missed the group.
>>>
>>> My Full Config:
>>>
>>> #---------------------------------------------------------------------
>>> # Example configuration for a possible web application. See the
>>> # full configuration options online.
>>> #
>>> #   http://haproxy.1wt.eu/download/1.3/doc/configuration.txt
>>
>> This should be
>> https://www.haproxy.org/download/1.8/doc/configuration.txt
>> or
>> https://cbonte.github.io/haproxy-dconv/1.8/configuration.html
>>
>>> #---------------------------------------------------------------------
>>>
>>> #---------------------------------------------------------------------
>>> # Global settings
>>> #---------------------------------------------------------------------
>>> global
>>>     log 127.0.0.1:514 local0 info alert
>>>     log 127.0.0.1:514 local2 info alert
>>>     maxconn 20000
>>>     user haproxy
>>>     group haproxy
>>>     daemon
>>>     nbthread 4
>>>     ssl-server-verify none
>>>
>>>     tune.ssl.default-dh-param 2048
>>>
>>>
>>>
>>> #---------------------------------------------------------------------
>>> # common defaults that all the 'listen' and 'backend' sections will
>>> # use if not designated in their block
>>> #---------------------------------------------------------------------
>>> defaults
>>>
>>>     log global
>>>     mode http
>>>     option dontlognull
>>>     rate-limit sessions 6000
>>>     timeout connect 300000 # default 10 second time out if a backend is not found
>>
>> The comment is not true.
>>
>> The current timeout is 300s
>>
>> https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#2.4
>>
>>>     timeout client 6600000
>>>     timeout server 6600000
>> This is 110m ~ 1.8 hours
>>
>>>     option http-server-close
>>>     maxconn 20000
>>>     retries 3
>>>
>>>
>>> listen http_proxy-1000
>>>     bind *:1000
>>>     mode http
>>>     option httplog
>>>     http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
>>>     option http_proxy
>>> #---------------------------------------------------------------------
>>
>> I miss here the server line.
>>
>>> I also tried :
>>>
>>> listen http_proxy-1000
>>>     bind *:1000 ssl crt certs.pem
>>>     mode http
>>>     option httplog
>>>     http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
>>>     option http_proxy
>> Same here.
>>
>> I tried also both configs and have the same result '<NOSRV>' as you
>> have.
>>
>> Your line
>>>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0
>>>> "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>>>
>>
>> My Test
>> ###
>> May 8 22:52:54 app001 haproxy[5141]: Proxy http_proxy-1000 started.
>> May 8 22:52:59 app001 haproxy[5141]: 127.0.0.1:52046 [08/May/2018:22:52:59.177] http_proxy-1000 http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0 "GET /test/test.txt?Host=www.google.com:80 HTTP/1.1"
>> ###
>>
>> I think that you need at least ONE server line.
>>
>> I assume you want to set the destination server dynamically based on
>> the query parameter
>> 'Host|idnsredirHost|redirHost', it's not clear which parameter you
>> want, as Shawn mentioned.
>>
>> Maybe you can take a look into the following links.
>>
>> https://discourse.haproxy.org/t/dynamic-server-selection/149/2
>> https://www.egnyte.com/blog/2017/04/dynamic-backends-in-haproxy-with-lua/
>>
>> Is this what you need?
>>
>>>> HAProxy Version :
>>>
>>> //opt/app/haproxy/sbin/haproxy -vv
>>> HA-Proxy version 1.8.4-1deb90d 2018/02/08
>>
>> [snipp]
>>
>>>> Was the acl below helpful?
>>> Yes and also wanted to know if there is a way to print o/p of :
>>> hdr_beg(host) for debug purposes
>>
>> You can capture the host header the captured one will be displayed in
>> the logs.
>> I don't think that you only can get the result of `hdr_beg(host)`
>> easily, maybe I'm wrong.
>>
>> https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-capture%20request%20header
>>
>> Config:
>>
>> ```
>> capture request header Host len 15
>> ```
>>
>> ```
>> ubuntu@app001:~$ curl -v 'http://localhost:1000/test/test.txt?Host=www.google.com:80'
>> * Trying 127.0.0.1...
>> * Connected to localhost (127.0.0.1) port 1000 (#0)
>> > GET /test/test.txt?Host=www.google.com:80 HTTP/1.1
>> > Host: localhost:1000
>> > User-Agent: curl/7.47.0
>> > Accept: */*
>> >
>> * HTTP 1.0, assume close after body
>> < HTTP/1.0 400 Bad request
>> < Cache-Control: no-cache
>> < Connection: close
>> < Content-Type: text/html
>> <
>> <html><body><h1>400 Bad request</h1>
>> Your browser sent an invalid request.
>> </body></html>
>> * Closing connection 0
>>
>> ubuntu@app001:~$ fg
>> sudo tail -f /var/log/haproxy.log
>> May 8 23:37:54 app001 haproxy[8804]: Proxy http_proxy-1000 started.
>> May 8 23:37:58 app001 haproxy[8804]: 127.0.0.1:35988 [08/May/2018:23:37:58.074] http_proxy-1000 http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0 {localhost:1000} "GET /test/test.txt?Host=www.google.com:80 HTTP/1.1"
>> ```
>>
>> Best regards
>>
>> Aleks
>>
>>> Thanks,
>>> Praveen.
>>>
>>> -----Original Message-----
>>> From: Aleksandar Lazic [mailto:[email protected]]
>>> Sent: Tuesday, May 08, 2018 7:40 AM
>>> To: UPPALAPATI, PRAVEEN <[email protected]>; [email protected]
>>> Subject: Re: 502 Bad Gateway
>>>
>>> Hi.
>>>
>>> Please post only to the mailing list, thanks.
>>> Please keep the mailing list in the mail loop => "Answer all".
>>>
>>> On 08.05.2018 at 07:25, UPPALAPATI, PRAVEEN wrote:
>>>> Hi Haproxy-Team,
>>>>
>>>> I have the following configuration:
>>>>
>>>> listen http_proxy-1000
>>>>     bind *:1000
>>>>     mode http
>>>>     option httplog
>>>>     http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
>>>>     option http_proxy
>>>
>>> This isn't the whole config, is it?
>>>
>>> The 'url_param' does not match the request below, afais.
>>>
>>> Please can you answer the following questions.
>>>
>>> Which HAProxy Version do you use?
>>> What's the whole HAProxy config?
>>> Was the acl below helpful?
>>>
>>> Regards
>>> Aleks
>>>
>>>> If I issue a request to that port :
>>>>
>>>> https://<haproxyHost>:1000
>>>> /test/test.txt?Host=<desthost>:8093
>>>>
>>>> I get <BadReq>
>>>>
>>>> If I add ssl termination to the config:
>>>>
>>>> listen http_proxy-1000
>>>>     bind *:1000 ssl test.pem
>>>>     mode http
>>>>     option httplog
>>>>     http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
>>>>     option http_proxy
>>>>
>>>>
>>>> I get :
>>>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0
>>>> "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>>>
>>>> I have also set :
>>>>
>>>> ssl-server-verify none
>>>>
>>>> @global still no luck.
>>>>
>>>> Let me know if I am missing anything .
>>>>
>>>> Thanks,
>>>> Praveen.
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Aleksandar Lazic [mailto:[email protected]]
>>>> Sent: Tuesday, May 01, 2018 7:22 AM
>>>> To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]>
>>>> Cc: Olivier Houchard <[email protected]>; [email protected]
>>>> Subject: Re: Logging Question
>>>>
>>>> Hi.
>>>>
>>>> On 30.04.2018 at 19:05, UPPALAPATI, PRAVEEN wrote:
>>>>>
>>>>> Hi Willy/Oliver,
>>>>>
>>>>> One small question:
>>>>>
>>>>> When I capture the header it's returning xxxx.com in the log but
>>>>> when I perform Get on xxxx.com:1000 it is not matching the following
>>>>> configuration.
>>>>>
>>>>> frontend http-1000
>>>>>     bind *:1000
>>>>>     option httplog
>>>>>     capture request header Host len 20
>>>>>     acl is_east hdr(host) -i xxxx.com
>>>>
>>>> Maybe this helps?
>>>>
>>>> acl is_east hdr_beg(host) -i xxxx.com
>>>>
>>>>>     use_backend east_bk_1000_read if is_east
>>>>>
>>>>> My question is how can I print o/p of hdr(host) & is_east to log?
>>>>>
>>>>> Appreciate your help.
>>>>>
>>>>> Thanks,
>>>>> Praveen.
>>>>
>>>> Regards
>>>> Aleks
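
Added example (not part of the thread and not HAProxy project code): a small Python decoder for the `option httplog` lines quoted in this thread, reporting whether a server was selected, what the termination state means, and whether the request carries the `redirHost` parameter that `url_param(redirHost)` reads. The field layout and state meanings follow the HAProxy configuration manual; the names `HTTPLOG`, `WHO`, `WHEN` and `diagnose` are assumptions of this example.

```python
import re
from urllib.parse import parse_qs

# "option httplog" fields. The syslog prefix is skipped by search(); client and
# date are optional because the thread quotes one line without them.
HTTPLOG = re.compile(
    r'(?:(?P<client>\S+) \[(?P<date>[^\]]+)\] )?(?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) (?P<timers>-?\d+(?:/-?\d+){4}) '
    r'(?P<status>\d{3}) (?P<bytes>\d+) \S+ \S+ (?P<term>\S{4}) '
    r'\S+ \S+ (?:\{(?P<captured>[^}]*)\} )?(?:\{[^}]*\} )?"(?P<request>[^"]*)"'
)

# First two termination-state characters (subset of the manual's table).
WHO = {"C": "client aborted", "S": "server aborted or refused",
       "P": "stopped by the proxy itself", "-": "normal completion"}
WHEN = {"R": "while waiting for a complete, valid request",
        "C": "while connecting to the server",
        "H": "while waiting for valid response headers",
        "D": "during data transfer", "-": "with nothing pending"}

def diagnose(line, expected_param="redirHost"):
    """Summarise one httplog line; None if the line does not parse."""
    m = HTTPLOG.search(line)
    if m is None:
        return None
    parts = m["request"].split(" ")
    uri = parts[1] if len(parts) > 1 else ""
    params = parse_qs(uri.partition("?")[2])
    term = m["term"]
    return {
        "tls_frontend": m["frontend"].endswith("~"),  # '~' marks an SSL listener
        "no_server": m["server"] == "<NOSRV>",
        "status": int(m["status"]),
        "state": f'{WHO.get(term[0], "?")} {WHEN.get(term[1], "?")}',
        "captured": m["captured"],
        "query_params": sorted(params),
        # Does the request carry the parameter that url_param() reads?
        "expected_param_present": expected_param in params,
    }

# Log lines copied from the thread, with wrapped lines rejoined.
SAMPLES = [
    'http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 '
    '"GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"',
    'May 8 23:37:58 app001 haproxy[8804]: 127.0.0.1:35988 '
    '[08/May/2018:23:37:58.074] http_proxy-1000 http_proxy-1000/<NOSRV> '
    '-1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0 {localhost:1000} '
    '"GET /test/test.txt?Host=www.google.com:80 HTTP/1.1"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(diagnose(sample))
```

Both sample lines report `no_server` as true and `expected_param_present` as false: the requests use `idnsredirHost` and `Host`, not the `redirHost` name the configuration reads.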

