Re: redirect prefix, use variable host
On Thu, May 17, 2012 at 2:41 PM, Willy Tarreau w...@1wt.eu wrote: Hi, On Wed, May 16, 2012 at 05:05:05PM +0200, hapr...@serverphorums.com wrote: I think I am in this exact same boat. I have a site with wildcard subdomains as well. Is there an ETA on this this pattern extraction? I browsed the changelogs up through 5/14/2012 and it looks like there could be some possible headway on this. Can someone please confirm? A lot of progress has indeed been made, but we still don't have such ability and it will take some time to implement. Are there any other creative solutions for this? I need to redirect any subdomain to https unless it is www. No idea right now. From what I understand you'd like to take the host header and put it into your redirects, prepended by http://; or https://; depending on the type of redirection, that's it ? Maybe it should not be too hard to implement some http-host and https-host options to the redirect statement, as alternatives to prefix, and which would automatically concatenate a scheme (http://; or https://;) with the extract of the Host header and the current URI. I must say I have not much studied the idea, but it should be doable without too much effort. This is how we currently do https redirects with haproxy and nginx: in haproxy: use_backend https-redirect if { something } backend https-redirect: server https-redir 127.2.0.1:80 in nginx: server { listen 127.2.0.1:80; rewrite ^ https://$host$request_uri? permanent; } And we also do ssl termination with nginx, so the overhead of this solution is minimal. If haproxy could do both the ssl termination and the https redirect, that would be something :) - Finn Arne
Re: redirect prefix, use variable host
Hi, On Wed, May 16, 2012 at 05:05:05PM +0200, hapr...@serverphorums.com wrote: I think I am in this exact same boat. I have a site with wildcard subdomains as well. Is there an ETA on this this pattern extraction? I browsed the changelogs up through 5/14/2012 and it looks like there could be some possible headway on this. Can someone please confirm? A lot of progress has indeed been made, but we still don't have such ability and it will take some time to implement. Are there any other creative solutions for this? I need to redirect any subdomain to https unless it is www. No idea right now. From what I understand you'd like to take the host header and put it into your redirects, prepended by http://; or https://; depending on the type of redirection, that's it ? Maybe it should not be too hard to implement some http-host and https-host options to the redirect statement, as alternatives to prefix, and which would automatically concatenate a scheme (http://; or https://;) with the extract of the Host header and the current URI. I must say I have not much studied the idea, but it should be doable without too much effort. Regards, Willy
Re: redirect prefix, use variable host
That would actually help us out a lot also. I'd dug into the code to see if there was a simple way to add the functionality we need but its obviously been too long since I've written system-level C code for me to make a confident patch. We currently use an instance of Apache purely to redirect any plain http traffic to https no matter what the domain/URL is (but we also support wildcard domains). This would certainly do the trick since we always want to keep the request URL same, just force it to https. That would allow us to completely remove Apache from our software chain, which would be great from a security certification standpoint. Richard Stanford CTO | KIMBIA 512-474-4447 x777 On May 17, 2012, at 7:41 AM, Willy Tarreau wrote: Hi, On Wed, May 16, 2012 at 05:05:05PM +0200, hapr...@serverphorums.com wrote: I think I am in this exact same boat. I have a site with wildcard subdomains as well. Is there an ETA on this this pattern extraction? I browsed the changelogs up through 5/14/2012 and it looks like there could be some possible headway on this. Can someone please confirm? A lot of progress has indeed been made, but we still don't have such ability and it will take some time to implement. Are there any other creative solutions for this? I need to redirect any subdomain to https unless it is www. No idea right now. From what I understand you'd like to take the host header and put it into your redirects, prepended by http://; or https://; depending on the type of redirection, that's it ? Maybe it should not be too hard to implement some http-host and https-host options to the redirect statement, as alternatives to prefix, and which would automatically concatenate a scheme (http://; or https://;) with the extract of the Host header and the current URI. I must say I have not much studied the idea, but it should be doable without too much effort. Regards, Willy
Re: redirect prefix, use variable host
I think I am in this exact same boat. I have a site with wildcard subdomains as well. Is there an ETA on this this pattern extraction? I browsed the changelogs up through 5/14/2012 and it looks like there could be some possible headway on this. Can someone please confirm? Are there any other creative solutions for this? I need to redirect any subdomain to https unless it is www. Much thanks! --- posted at http://www.serverphorums.com http://www.serverphorums.com/read.php?10,305872,497385#msg-497385
Re: redirect prefix, use variable host
I take it back. The hack doesn't seem to work. Even after changing the host in the request, prefix / is redirecting to /+uri and doesn't include the full host. So, its doing a relative redirect which doesn't change the protocol from http to https and vice-versa. Stiil looking for a solution. Thanks, Vivek On Wed, Apr 20, 2011 at 10:43 PM, Vivek Malik vivek.ma...@gmail.com wrote: I found a hacky way to do it from mailing list archives http://www.mail-archive.com/haproxy@formilux.org/msg03323.html Regards, Vivek On Wed, Apr 20, 2011 at 10:09 PM, Vivek Malik vivek.ma...@gmail.comwrote: Hi, I am trying to issue a redirect via haproxy and want to reuse the host variable. Here is the configuration stunnel running on port 443 accepting connections for *.domain.com(unlimited subdomain cert) forwarding to haproxy on port 81 haproxy running on port 80 (for http for *.domain.com) and port 81 (for https via stunnel) frontend https bind 127.0.0.1:81 acl allow_https if path /login /signup /forgotPassword redirect prefix http://sub.domain.com if !allow_https Stunnel is using an unlimited subdomain SSL certificate which allows for https connection to *.domain.com. I want to redirect to http://sub.domain.com but I can't put the value of the sub without using a variable. I tried looking around but can't find out how to use the variable host inside the redirect prefix directive. Essentially, the config should be able to handle redirect for all subdomains https://foo.domain.com/something = http://foo.domain.com/something https://bar.domain.com/something = http://bar.domain.com/something Please help. Thanks, Vivek
Re: redirect prefix, use variable host
I found a hacky way to do it from mailing list archives http://www.mail-archive.com/haproxy@formilux.org/msg03323.html Regards, Vivek On Wed, Apr 20, 2011 at 10:09 PM, Vivek Malik vivek.ma...@gmail.com wrote: Hi, I am trying to issue a redirect via haproxy and want to reuse the host variable. Here is the configuration stunnel running on port 443 accepting connections for *.domain.com(unlimited subdomain cert) forwarding to haproxy on port 81 haproxy running on port 80 (for http for *.domain.com) and port 81 (for https via stunnel) frontend https bind 127.0.0.1:81 acl allow_https if path /login /signup /forgotPassword redirect prefix http://sub.domain.com if !allow_https Stunnel is using an unlimited subdomain SSL certificate which allows for https connection to *.domain.com. I want to redirect to http://sub.domain.com but I can't put the value of the sub without using a variable. I tried looking around but can't find out how to use the variable host inside the redirect prefix directive. Essentially, the config should be able to handle redirect for all subdomains https://foo.domain.com/something = http://foo.domain.com/something https://bar.domain.com/something = http://bar.domain.com/something Please help. Thanks, Vivek