Hi.

Am 20.05.2019 um 17:04 schrieb Mortada, Mahmoud:
> Hi All,
> 
> I am using haproxy version 1.5.18 with Atlassian Jira data center.
> 
> [root@ies-esd-jiradc-loadb-stage haproxy]# haproxy -version
> 
> HA-Proxy version 1.5.18 2016/05/10
> 
> Copyright 2000-2016 Willy Tarreau <wi...@haproxy.org>
> 
> Please find below haproxy.cfg configuration I have:
> 
> I am trying to enable https for Jira.

Do you mean you want to use TLS on the tomcat server or you want that HAProxy
terminate TLS and talk to JIRA via plain http?

> I want to redirect all jira links using http with 8080 or without 8080 port in
> the link to https

This

> Current status using below haproxy.cfg:
> 
> https link working fine
> 
> http link without 8080 port redirect automatically to https working fine
> 
> I am only having issue then try to access http link with 8080 port it redirect
> me to https link but with 8080 port show up on the link and I don’t want to 
> 8080
> port show up after redirection to https.
> 
> Can you please advise ?



> [root@ies-esd-jiradc-loadb-stage haproxy]# cat haproxy.cfg
> 
> global
> 
>     pidfile     /var/run/haproxy.pid
> 
>     maxconn     4000
> 
>     user        haproxy
> 
>     group       haproxy
> 
>     daemon
> 
>     tune.ssl.default-dh-param 1024

I would increase this at least to 2048

> defaults
> 
>     log                     global
> 
>     mode http
> 
>     option                  dontlognull
> 
>     option                  redispatch
> 
>     retries                 3
> 
>     timeout http-request    10s
> 
>     timeout queue           1m
> 
>     timeout connect         10s
> 
>     timeout client          1m
> 
>     timeout server          1m
> 
>     timeout http-keep-alive 10s
> 
>     timeout check           10s
> 
>     maxconn                 3000
> 
>     errorfile               408 /dev/null       # Workaround for Chrome 35-36
> bug.  See 
> http://blog.haproxy.com/2014/05/26/haproxy-and-http-errors-408-in-chrome/

I would use here `option http-ignore-probes`.

> frontend jira_http_frontend
> 
>     bind *:8080 ssl crt /etc/cert.pem
> 
>     bind *:443 ssl crt /etc/cert.pem
> 
>     acl secure dst_port eq 443
> 
>     redirect scheme https if !{ ssl_fc }
>
>     rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains;\
> preload
> 
>     rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure

Maybe this helps.

      # https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#7.3.6-url
      http-request set-path /%[url]

>     default_backend jira_http_backend
>  
> 
> backend jira_http_backend
> 
>     option httplog
>     option httpchk GET /status
>     option forwardfor
>     option http-server-close
>     balance roundrobin
>     cookie JSESSIONID prefix nocache
>     stick-table type string len 52 size 5M expire 30m
>     http-request set-header X-Forwarded-Port %[dst_port]
>     http-request add-header X-Forwarded-Proto https if { ssl_fc }
>     server ies-esd-jiradc-node1-stage.ies.mentorg.com 10.249.2.152:8080 check
> cookie ies-esd-jiradc-node1-stage.ies.mentorg.com
>     # The following "backup" servers are just here to show the startup page 
> when
> all nodes are starting up
>     server ies-esd-jiradc-node1-stage.ies.mentorg.com 10.249.2.152:8080 backup
> 
> listen admin
>     bind *:8090
>     stats enable
>     stats uri /
> 
> Regards,
> 
> Mahmoud Mortada

HTH
Aleks

Reply via email to