Hi Aleksandar,


Thanks for your reply.



My main issue when I tried to access 
http://ies-esd-jiradc-loadb-stage.ies.mentorg.com:8080  it works but redirect 
me to https://ies-esd-jiradc-loadb-stage.ies.mentorg.com:8080 I don’t want to 
have 8080 on the https link.



Can you please let me know what modification I need to have on my haproxy.cfg 
file in order to fix this ?



Also I applied what you advise below and split http and https frontend and 
backend.



[root@ies-esd-jiradc-loadb-stage haproxy]# cat haproxy.cfg

global

    pidfile     /var/run/haproxy.pid

    maxconn     4000

    user        haproxy

    group       haproxy

    daemon

    tune.ssl.default-dh-param 2048

defaults

    log                     global

    mode http

    option                  dontlognull

    option                  redispatch

    option                  http-ignore-probes

    retries                 3

    timeout http-request    10s

    timeout queue           1m

    timeout connect         10s

    timeout client          1m

    timeout server          1m

    timeout http-keep-alive 10s

    timeout check           10s

    maxconn                 3000

    errorfile               408 /dev/null       # Workaround for Chrome 35-36 
bug.  See 
http://blog.haproxy.com/2014/05/26/haproxy-and-http-errors-408-in-chrome/



frontend jira_http_frontend

    bind *:80

    bind *:8080 ssl crt /etc/cert.pem

    redirect scheme https if !{ ssl_fc }

    default_backend jira_http_backend



backend jira_http_backend

    option httplog

    option httpchk GET /status

    option forwardfor

    option http-server-close

    balance roundrobin

    cookie JSESSIONID prefix nocache

    stick-table type string len 52 size 5M expire 30m

    http-request set-header X-Forwarded-Port %[dst_port]

    http-request add-header X-Forwarded-Proto https if { ssl_fc }

    server ies-esd-jiradc-node1-stage.ies.mentorg.com 10.249.2.152:8080 check 
cookie ies-esd-jiradc-node1-stage.ies.mentorg.com

    # The following "backup" servers are just here to show the startup page 
when all nodes are starting up

    server ies-esd-jiradc-node1-stage.ies.mentorg.com 10.249.2.152:8080 backup





frontend jira_https_frontend

    bind *:443 ssl crt /etc/cert.pem

    default_backend jira_https_backend



backend jira_https_backend

    option httplog

    option httpchk GET /status

    option forwardfor

    option http-server-close

    balance roundrobin

    cookie JSESSIONID prefix nocache

    stick-table type string len 52 size 5M expire 30m

    server ies-esd-jiradc-node1-stage.ies.mentorg.com 10.249.2.152:8080 check 
cookie ies-esd-jiradc-node1-stage.ies.mentorg.com

    # The following "backup" servers are just here to show the startup page 
when all nodes are starting up

    server ies-esd-jiradc-node1-stage.ies.mentorg.com 10.249.2.152:8080 backup







listen admin

    mode http

    bind *:8090

    stats enable

    stats uri /



Regards,

Mahmoud Mortada





-----Original Message-----
From: Aleksandar Lazic [mailto:al-hapr...@none.at]
Sent: Tuesday, May 21, 2019 2:45 PM
To: Mortada, Mahmoud <mahmoud_mort...@mentor.com>; haproxy@formilux.org; 
wi...@haproxy.org
Subject: Re: haproxy configuration issue



Hi.



Am 20.05.2019 um 17:04 schrieb Mortada, Mahmoud:

> Hi All,

>

> I am using haproxy version 1.5.18 with Atlassian Jira data center.

>

> [root@ies-esd-jiradc-loadb-stage haproxy]# haproxy -version

>

> HA-Proxy version 1.5.18 2016/05/10

>

> Copyright 2000-2016 Willy Tarreau 
> <wi...@haproxy.org<mailto:wi...@haproxy.org>>

>

> Please find below haproxy.cfg configuration I have:

>

> I am trying to enable https for Jira.



Do you mean you want to use TLS on the tomcat server or you want that HAProxy 
terminate TLS and talk to JIRA via plain http?



> I want to redirect all jira links using http with 8080 or without 8080

> port in the link to https



This



> Current status using below haproxy.cfg:

>

> https link working fine

>

> http link without 8080 port redirect automatically to https working

> fine

>

> I am only having issue then try to access http link with 8080 port it

> redirect me to https link but with 8080 port show up on the link and I

> don’t want to 8080 port show up after redirection to https.

>

> Can you please advise ?







> [root@ies-esd-jiradc-loadb-stage haproxy]# cat haproxy.cfg

>

> global

>

>     pidfile     /var/run/haproxy.pid

>

>     maxconn     4000

>

>     user        haproxy

>

>     group       haproxy

>

>     daemon

>

>     tune.ssl.default-dh-param 1024



I would increase this at least to 2048



> defaults

>

>     log                     global

>

>     mode http

>

>     option                  dontlognull

>

>     option                  redispatch

>

>     retries                 3

>

>     timeout http-request    10s

>

>     timeout queue           1m

>

>     timeout connect         10s

>

>     timeout client          1m

>

>     timeout server          1m

>

>     timeout http-keep-alive 10s

>

>     timeout check           10s

>

>     maxconn                 3000

>

>     errorfile               408 /dev/null       # Workaround for

> Chrome 35-36 bug.  See

> http://blog.haproxy.com/2014/05/26/haproxy-and-http-errors-408-in-chro

> me/



I would use here `option http-ignore-probes`.



> frontend jira_http_frontend

>

>     bind *:8080 ssl crt /etc/cert.pem

>

>     bind *:443 ssl crt /etc/cert.pem

>

>     acl secure dst_port eq 443

>

>     redirect scheme https if !{ ssl_fc }

>

>     rspadd Strict-Transport-Security:\ max-age=31536000;\

> includeSubDomains;\ preload

>

>     rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure



Maybe this helps.



      # https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#7.3.6-url

      http-request set-path /%[url]



>     default_backend jira_http_backend

>

>

> backend jira_http_backend

>

>     option httplog

>     option httpchk GET /status

>     option forwardfor

>     option http-server-close

>     balance roundrobin

>     cookie JSESSIONID prefix nocache

>     stick-table type string len 52 size 5M expire 30m

>     http-request set-header X-Forwarded-Port %[dst_port]

>     http-request add-header X-Forwarded-Proto https if { ssl_fc }

>     server ies-esd-jiradc-node1-stage.ies.mentorg.com

> 10.249.2.152:8080 check cookie

> ies-esd-jiradc-node1-stage.ies.mentorg.com

>     # The following "backup" servers are just here to show the startup

> page when all nodes are starting up

>     server ies-esd-jiradc-node1-stage.ies.mentorg.com

> 10.249.2.152:8080 backup

>

> listen admin

>     bind *:8090

>     stats enable

>     stats uri /

>

> Regards,

>

> Mahmoud Mortada



HTH

Aleks

Reply via email to