Yep, that's what I ended up doing following the advice from serverfault.
Now it looks logical and I must admit I did not check the log for warnings
(I'm running it with systemd but I expected any warnings still to be shown
when I emit `systemctl reload`, I was wrong)
Thank you!
On Mon, 15 Oct 2018 at 11:26, Cyril Bonté wrote:
> Hi,
>
> Le 14/10/2018 à 22:39, Ivan Kurnosov a écrit :
> > I have the following config, it's under the `frontend` section for tls
> > connection and haproxy terminates https connections:
> >
> > acl domain-acl-host hdr(host) -i domain.tld
> > rspadd X-Foo:\ bar if domain-acl-host
> > rspadd X-Baz:\ baz
> > http-response set-header X-Bar bar if domain-acl-host
> > use_backend backend_name if domain-acl-host
> >
> > The `use_backend` directive works conditionally as expected (there are
> > multiple different domain names served, and they are chosen correctly)
> >
> > But headers are not added/set to the response conditionally.
> >
> > I expect 3 extra headers to be added there: `X-Foo`, `X-Baz`, and
> > `X-Bar`, but only `X-Baz` is added:
> >
> > < HTTP/1.1 302 Found
> > < Server: nginx
> > < Content-Type: text/html; charset=UTF-8
> > < Transfer-Encoding: chunked
> > < Cache-Control: max-age=0, must-revalidate, private
> > < Date: Sun, 14 Oct 2018 20:25:59 GMT
> > < Location: https://domain.tld/somewhere/else
> > < X-Baz: baz
> >
> > I'm sure I'm missing something trivial, but reading documentation or
> > google did not help.
>
> Well, did you have a look at the warnings emitted by haproxy on startup
> saying your acl will never match for "rspadd X-Foo" and "http-response
> set-header" ? You can't manipulate response headers based on request
> headers acl (they're not in the memory buffer anymore).
>
> You can capture the request header in a variable and modify your acl to
> use this variable instead.
>
> Example:
> http-request set-var(txn.host) hdr(host)
> acl domain-acl-host var(txn.host) -i domain.tld
>
> See the documentation for details:
> -
>
> http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-http-request
> - http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#var
>
> > PS: it's `haproxy 1.8.8`
> >
> > PPS: I originally asked it at https://serverfault.com/q/935492/45086 as
> well
> >
> > --
> > With best regards, Ivan Kurnosov
>
>
> --
> Cyril Bonté
>
--
With best regards, Ivan Kurnosov