Hi. On 16.07.21 14:34, Anilton Silva Fernandes wrote:
Hi there…Can I get another HELP: This time, I want to receive a request, and check for URL to know which backend should be call. This is my config: frontend web_accounts mode tcp bind 10.15.1.12:443 default_backend accounts_servers frontend web_apimanager mode tcp bind 10.15.1.13:443 use_backend apiservices if { path_beg /api/ } # IF THERE’S API ON THE URL SEND TO APISERVICES use_backend apimanager unless { path_beg /api } # IF THERE’S NOT API, SEND IT TO APIMANAGER
This is not possible with TCP mode. You have to switch to HTTP mode. In this Blog post is such a example documented and more about HAProxy acls. https://www.haproxy.com/blog/introduction-to-haproxy-acls/
backend accounts_servers mode tcp balance roundrobin server accounts1 10.16.18.128:443 check backend apimanager mode tcp balance roundrobin server apimanager1 10.16.18.129:9445 check backend apiservices mode tcp balance roundrobin server apimanagerqa.cvt.cv 10.16.18.129:8245 check Thank you *From:*Emerson Gomes [mailto:emerson.go...@gmail.com] *Sent:* 7 de julho de 2021 12:34 *To:* Anilton Silva Fernandes <anilton.fernan...@cvt.cv> *Cc:* haproxy@formilux.org *Subject:* Re: Help Hello Anilton, In the "bind *:443" line, do not specify a PEM file directly, but only the directory where your PEM file(s) resides. Also, make sure that both the certificate and private key are contained within the same PEM file. It should look like this: -----BEGIN CERTIFICATE----- xxx -----END CERTIFICATE----- -----BEGIN PRIVATE KEY----- xxx -----END PRIVATE KEY----- BR., Emerson Em qua., 7 de jul. de 2021 às 14:47, Anilton Silva Fernandes <anilton.fernan...@cvt.cv <mailto:anilton.fernan...@cvt.cv>> escreveu: Hi there. Can I get some help from you. I’m configuring HAProxy as a frontend on HTTPS with centified and I want clients to be redirect to BACKEND on HTTPS as well (443) but I want clients to see only HAProxy certificate, as the backend one is not valid. Bellow the schematic of my design: So, on This is the configuration file I’m using: frontend haproxy mode http bind *:80 bind *:443 ssl crt /etc/ssl/cvt.cv/accounts_cvt.pem default_backend wso2 backend wso2 mode http option forwardfor redirect scheme https if !{ ssl_fc } server my-api 10.16.18.128:443 check ssl verify none http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } frontend web_accounts mode tcp bind 192.168.1.214:443 default_backend accounts_servers frontend web_apimanager mode tcp bind 192.168.1.215:443 default_backend apimanager_servers backend accounts_servers balance roundrobin server accounts1 10.16.18.128:443 check server accounts2 10.16.18.128:443 check backend apimanager_servers balance roundrobin server accounts1 10.16.18.128:443 check server accounts2 10.16.18.128:443 check The first one is what works but we got SSL problems due to invalid certificates on Backend; The second one is what we would like, but does not work and says some erros: [ALERT] 187/114337 (7823) : parsing [/etc/haproxy/haproxy.cfg:85] : 'bind *:443' : unable to load SSL private key from PEM file '/etc/ssl/cvt.cv/accounts_cvt.pem <http://cvt.cv/accounts_cvt.pem>'. [ALERT] 187/114337 (7823) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg [ALERT] 187/114337 (7823) : Proxy 'haproxy': no SSL certificate specified for bind '*:443' at [/etc/haproxy/haproxy.cfg:85] (use 'crt'). [ALERT] 187/114337 (7823) : Fatal errors found in configuration. Errors in configuration file, check with haproxy check. This is on CentOS 6 Thank you Melhores Cumprimentos ** *Anilton Fernandes | Plataformas, Sistemas e Infraestruturas* Cabo Verde Telecom, SA Group Cabo Verde Telecom Rua Cabo Verde Telecom, 1, Edificio CVT 198, Praia, Santiago, República de Cabo Verde Phone: +238 3503934 | Mobile: +238 9589123 | Email – anilton.fernan...@cvt.cv <mailto:anilton.fernan...@cvt.cv> cid:image001.jpg@01D5997A.B9848FB0
