Haproxy in the debug mode and I tried to access the 3 link https and http:80 and http:8080 and it doesn’t report anything on the console of the haproxy.
[root@ies-esd-jiradc-loadb-stage haproxy]# haproxy -f /etc/haproxy/haproxy.cfg [WARNING] 141/115311 (1114) : parsing [/etc/haproxy/haproxy.cfg:42] : backend 'jira_http_backend', another server named 'ies-esd-jiradc-node1-stage.ies.mentorg.com' was defined without an explicit ID at line Is this what you want me to do ? Thanks. Regards, Mahmoud Mortada -----Original Message----- From: Aleksandar Lazic [mailto:al-hapr...@none.at] Sent: Wednesday, May 22, 2019 12:16 PM To: Mortada, Mahmoud <mahmoud_mort...@mentor.com> Cc: haproxy@formilux.org Subject: Re: haproxy configuration issue Am 22.05.2019 um 11:24 schrieb Mortada, Mahmoud: > Sorry there was a space missing in the if statement after adding the > space service become up normally > > Redirection happened as before with port :8080 in the link can you run haproxy in debug mode and see what's returned by jira. > Regards, > > Mahmoud Mortada Regards Aleks > -----Original Message----- > From: Mortada, Mahmoud > Sent: Wednesday, May 22, 2019 11:11 AM > To: 'Aleksandar Lazic' <al-hapr...@none.at> > Cc: haproxy@formilux.org > Subject: RE: haproxy configuration issue > > > > Hi Aleksandar, > > > > Yes I do Jira redirection configuration. > > > > After adding the below line haproxy service not able to start. > > > > http-response set-header location > %[res.hdr(location),regsub(:8080/,/)] if { > > res.hdr(location) -m found } > > > > May 22 10:06:59 ies-esd-jiradc-loadb-stage haproxy-systemd-wrapper[28899]: > [WARNING] 141/100659 (28900) : parsing [/etc/haproxy/haproxy.cfg:28] : > 'http-response' : sample fetch <res.hdr(location),regsub(:8080/,/)> > failed with > : unknown conv method 'regsub' > > May 22 10:06:59 ies-esd-jiradc-loadb-stage haproxy-systemd-wrapper[28899]: > [ALERT] 141/100659 (28900) : parsing [/etc/haproxy/haproxy.cfg:28] : > error detected while parsing an 'http-response set-header' condi > > > > Regards, > > Mahmoud Mortada > > > > -----Original Message----- > > From: Aleksandar Lazic [mailto:al-hapr...@none.at] > > Sent: Wednesday, May 22, 2019 9:40 AM > > To: Mortada, Mahmoud <mahmoud_mort...@mentor.com > <mailto:mahmoud_mort...@mentor.com>> > > Cc: haproxy@formilux.org <mailto:haproxy@formilux.org> > > Subject: Re: haproxy configuration issue > > > > Hi Mahmoud. > > > > Am 21.05.2019 um 14:57 schrieb Mortada, Mahmoud: > >> Hi Aleksandar, > >> > >> Thanks for your reply. > >> > >> My main issue when I tried to access > >> http://ies-esd-jiradc-loadb-stage.ies.mentorg.com:8080 it works but > >> redirect me to >> https://ies-esd-jiradc-loadb-stage.ies.mentorg.com:8080 > >> I don’t want to have 8080 on the https link. > > > > Have you setup jira to run behind reverse proxy, because the redirect > could also be come from JIRA? > > > > https://confluence.atlassian.com/kb/reverse-proxy-and-application-link > -troubleshooting-guide-719095279.html > > > >> Can you please let me know what modification I need to have on my > >> haproxy.cfg file in order to fix this ? > >> > >> Also I applied what you advise below and split http and https >> frontend and > backend. > >> > >> [root@ies-esd-jiradc-loadb-stage haproxy]# cat haproxy.cfg > >> > >> global > >> > >> pidfile /var/run/haproxy.pid > >> maxconn 4000 > >> user haproxy > >> group haproxy > >> daemon > >> tune.ssl.default-dh-param 2048 > >> > >> defaults > >> log global > >> mode http > >> option dontlognull > >> option redispatch > >> option http-ignore-probes > >> retries 3 > >> timeout http-request 10s > >> timeout queue 1m > >> timeout connect 10s > >> timeout client 1m > >> timeout server 1m > >> timeout http-keep-alive 10s > >> timeout check 10s > >> maxconn 3000 > >> errorfile 408 /dev/null # Workaround for > >> Chrome 35-36 bug. See > >> http://blog.haproxy.com/2014/05/26/haproxy-and-http-errors-408-in-chr >> o > >> me/ > >> > >> frontend jira_http_frontend > >> > >> bind *:80 > >> bind *:8080 ssl crt /etc/cert.pem > >> redirect scheme https if !{ ssl_fc } > > > > I would try this in haproxy. > > > > http-response set-header location > %[res.hdr(location),regsub(:8080/,/)] if { > > res.hdr(location) -m found } > > > > found here > > > > https://stackoverflow.com/questions/53418024/haproxy-remove-port-numbe > r-from-url > > > >> default_backend jira_http_backend > >> > >> backend jira_http_backend > >> > >> option httplog > > > > You should get here a warning, move it to global. > > > >> option httpchk GET /status > >> option forwardfor > >> option http-server-close > >> balance roundrobin > >> > >> cookie JSESSIONID prefix nocache > >> > >> stick-table type string len 52 size 5M expire 30m > >> > >> http-request set-header X-Forwarded-Port %[dst_port] > >> > >> http-request add-header X-Forwarded-Proto https if { ssl_fc } > >> > >> server ies-esd-jiradc-node1-stage.ies.mentorg.com > >> 10.249.2.152:8080 check cookie > >> ies-esd-jiradc-node1-stage.ies.mentorg.com > >> > >> # The following "backup" servers are just here to show the >> startup > >> page when all nodes are starting up > >> > >> server ies-esd-jiradc-node1-stage.ies.mentorg.com > >> 10.249.2.152:8080 backup > >> > >> > >> frontend jira_https_frontend > >> > >> bind *:443 ssl crt /etc/cert.pem > >> default_backend jira_https_backend > >> > >> backend jira_https_backend > >> > >> option httplog > > > > You should get here a warning, move it to global. > > > >> option httpchk GET /status > >> option forwardfor > >> option http-server-close > >> balance roundrobin > >> > >> cookie JSESSIONID prefix nocache > >> > >> stick-table type string len 52 size 5M expire 30m > >> > >> server ies-esd-jiradc-node1-stage.ies.mentorg.com > >> 10.249.2.152:8080 check cookie > >> ies-esd-jiradc-node1-stage.ies.mentorg.com > >> > >> # The following "backup" servers are just here to show the >> startup > >> page when all nodes are starting up > >> > >> server ies-esd-jiradc-node1-stage.ies.mentorg.com > >> 10.249.2.152:8080 backup > >> > >> listen admin > >> > >> mode http > >> bind *:8090 > >> stats enable > >> stats uri / > >> > >> Regards, > >> > >> Mahmoud Mortada > > > > Hth > > > > Aleks > > > >> -----Original Message----- > >> From: Aleksandar Lazic [mailto:al-hapr...@none.at] > >> Sent: Tuesday, May 21, 2019 2:45 PM > >> To: Mortada, Mahmoud <mahmoud_mort...@mentor.com > <mailto:mahmoud_mort...@mentor.com>>; > >> haproxy@formilux.org <mailto:haproxy@formilux.org>; wi...@haproxy.org > <mailto:wi...@haproxy.org> > >> Subject: Re: haproxy configuration issue > >> > >> > >> > >> Hi. > >> > >> > >> > >> Am 20.05.2019 um 17:04 schrieb Mortada, Mahmoud: > >> > >>> Hi All, > >> > >>> > >> > >>> I am using haproxy version 1.5.18 with Atlassian Jira data center. > >> > >>> > >> > >>> [root@ies-esd-jiradc-loadb-stage haproxy]# haproxy -version > >> > >>> > >> > >>> HA-Proxy version 1.5.18 2016/05/10 > >> > >>> > >> > >>> Copyright 2000-2016 Willy Tarreau <wi...@haproxy.org > >>> <mailto:wi...@haproxy.org>> > >> > >>> > >> > >>> Please find below haproxy.cfg configuration I have: > >> > >>> > >> > >>> I am trying to enable https for Jira. > >> > >> > >> > >> Do you mean you want to use TLS on the tomcat server or you want that > >> HAProxy terminate TLS and talk to JIRA via plain http? > >> > >> > >> > >>> I want to redirect all jira links using http with 8080 or without > >>> 8080 > >> > >>> port in the link to https > >> > >> > >> > >> This > >> > >> > >> > >>> Current status using below haproxy.cfg: > >> > >>> > >> > >>> https link working fine > >> > >>> > >> > >>> http link without 8080 port redirect automatically to https working > >> > >>> fine > >> > >>> > >> > >>> I am only having issue then try to access http link with 8080 port >>> it > >> > >>> redirect me to https link but with 8080 port show up on the link and > >>> I > >> > >>> don’t want to 8080 port show up after redirection to https. > >> > >>> > >> > >>> Can you please advise ? > >> > >> > >> > >> > >> > >> > >> > >>> [root@ies-esd-jiradc-loadb-stage haproxy]# cat haproxy.cfg > >> > >>> > >> > >>> global > >> > >>> > >> > >>> pidfile /var/run/haproxy.pid > >> > >>> > >> > >>> maxconn 4000 > >> > >>> > >> > >>> user haproxy > >> > >>> > >> > >>> group haproxy > >> > >>> > >> > >>> daemon > >> > >>> > >> > >>> tune.ssl.default-dh-param 1024 > >> > >> > >> > >> I would increase this at least to 2048 > >> > >> > >> > >>> defaults > >> > >>> > >> > >>> log global > >> > >>> > >> > >>> mode http > >> > >>> > >> > >>> option dontlognull > >> > >>> > >> > >>> option redispatch > >> > >>> > >> > >>> retries 3 > >> > >>> > >> > >>> timeout http-request 10s > >> > >>> > >> > >>> timeout queue 1m > >> > >>> > >> > >>> timeout connect 10s > >> > >>> > >> > >>> timeout client 1m > >> > >>> > >> > >>> timeout server 1m > >> > >>> > >> > >>> timeout http-keep-alive 10s > >> > >>> > >> > >>> timeout check 10s > >> > >>> > >> > >>> maxconn 3000 > >> > >>> > >> > >>> errorfile 408 /dev/null # Workaround for > >> > >>> Chrome 35-36 bug. See > >> > >>> http://blog.haproxy.com/2014/05/26/haproxy-and-http-errors-408-in-ch >>> r > >>> o > >> > >>> me/ > >> > >> > >> > >> I would use here `option http-ignore-probes`. > >> > >> > >> > >>> frontend jira_http_frontend > >> > >>> > >> > >>> bind *:8080 ssl crt /etc/cert.pem > >> > >>> > >> > >>> bind *:443 ssl crt /etc/cert.pem > >> > >>> > >> > >>> acl secure dst_port eq 443 > >> > >>> > >> > >>> redirect scheme https if !{ ssl_fc } > >> > >>> > >> > >>> rspadd Strict-Transport-Security:\ max-age=31536000;\ > >> > >>> includeSubDomains;\ preload > >> > >>> > >> > >>> rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure > >> > >> > >> > >> Maybe this helps. > >> > >> > >> > >> # > >> https://cbonte.github.io/haproxy-dconv/1.9/configuration.html#7.3.6-u >> r > >> l > >> > >> http-request set-path /%[url] > >> > >> > >> > >>> default_backend jira_http_backend > >> > >>> > >> > >>> > >> > >>> backend jira_http_backend > >> > >>> > >> > >>> option httplog > >> > >>> option httpchk GET /status > >> > >>> option forwardfor > >> > >>> option http-server-close > >> > >>> balance roundrobin > >> > >>> cookie JSESSIONID prefix nocache > >> > >>> stick-table type string len 52 size 5M expire 30m > >> > >>> http-request set-header X-Forwarded-Port %[dst_port] > >> > >>> http-request add-header X-Forwarded-Proto https if { ssl_fc } > >> > >>> server ies-esd-jiradc-node1-stage.ies.mentorg.com > >> > >>> 10.249.2.152:8080 check cookie > >> > >>> ies-esd-jiradc-node1-stage.ies.mentorg.com > >> > >>> # The following "backup" servers are just here to show the > >>> startup > >> > >>> page when all nodes are starting up > >> > >>> server ies-esd-jiradc-node1-stage.ies.mentorg.com > >> > >>> 10.249.2.152:8080 backup > >> > >>> > >> > >>> listen admin > >> > >>> bind *:8090 > >> > >>> stats enable > >> > >>> stats uri / > >> > >>> > >> > >>> Regards, > >> > >>> > >> > >>> Mahmoud Mortada > >> > >> > >> > >> HTH > >> > >> Aleks > >> > > >
