Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAproxy issue with 2 domains?

    Scheduled Pinned Locked Moved Cache/Proxy
    5 Posts 2 Posters 727 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K Offline
      killmasta93
      last edited by

      Hi,
      I was wondering if someone could shed some light on the issue im having. Currently have pfSense 2.3.5 working well with HAproxy with 2 domains and 1 subdomain. The issue is that when someone puts www.mydomain2.com it redirects to mydomain.com
      I have a rule which redirects all http to https and i think that is what might be the issue.
      My question is how can i put if someone puts www.mydomain2.com and www.mydomain.com to redirect correctly.
      or how can i redirect all WWW to the correct domain?

      # Automaticaly generated, dont edit manually.
# Generated on: 2019-01-28 15:48
global
	maxconn			500
	stats socket /tmp/haproxy.socket level admin 
	gid			80
	nbproc			1
	hard-stop-after		15m
	chroot				/tmp/haproxy_chroot
	daemon
	server-state-file /tmp/haproxy_server_state

listen HAProxyLocalStats
	bind 127.0.0.1:2200 nmydomain localstats
	mode http
	stats enable
	stats admin if TRUE
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

frontend SharedFrontend-merged
	bind			190.157.xxx.xx443 nmydomain 190.157.xxx.xx443   
	mode			tcp
	log			global
	timeout client		30000
	tcp-request connection set-src str(192.168.1.1) if { src 192.168.1.0/24 }
	tcp-request inspect-delay	5s
	acl			mydomain	req.ssl_sni -i mydomain.com.co
	acl			mydomain2	req.ssl_sni -i mydomain2cosmeticos.com
	acl			cloud	req.ssl_sni -i cloud.mydomain2cosmeticos.com
	tcp-request content accept if { req.ssl_hello_type 1 }
	use_backend Backend1_ipv4  if  mydomain 
	use_backend Backend2_ipv4  if  mydomain2 
	use_backend Backend3_ipv4  if  cloud 

frontend HTTPTOHTTPS
	bind			190.157.xxx.xx80 nmydomain 190.157.xxx.xx80   
	mode			http
	log			global
	option			http-keep-alive
	timeout client		30000
	tcp-request connection set-src str(192.168.1.1) if { src 192.168.1.0/24 }
	acl			mydomain	var(txn.txnhost) -m str -i mydomain.com.co
	acl			mydomain2	var(txn.txnhost) -m beg -i www.mydomain2cosmeticos.com
	acl			cloud	var(txn.txnhost) -m str -i cloud.mydomain2cosmeticos.com
	http-request set-var(txn.txnhost) hdr(host)
	http-request redirect scheme https  if  mydomain 
	http-request redirect scheme https  if  mydomain2 
	http-request redirect scheme https  if  cloud 

backend Backend1_ipv4
	mode			tcp
	id			10100
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	source ipv4@ usesrc clientip
	server			mydomain 192.168.1.229:443 id 10101 check inter 1000  

backend Backend2_ipv4
	mode			tcp
	id			10102
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	source ipv4@ usesrc clientip
	server			mydomain2 192.168.1.230:443 id 10101 check inter 1000  

backend Backend3_ipv4
	mode			tcp
	id			10103
	log			global
	timeout connect		30000
	timeout server		30000
	retries			3
	source ipv4@ usesrc clientip
	server			cloud 192.168.1.250:443 id 10101 check inter 1000

      This is the config

      Thank you

      Tutorials:

      https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

      P 1 Reply Last reply Reply Quote 0
      • P Offline
        PiBa @killmasta93
        last edited by

        @killmasta93
        Seems to me that a request for https://www.domain2.com would end in a closed connection.. As none of the acl's actually match that request. And the only redirects that haproxy does are regarding the 'scheme', it would not direct a client to a different domain by that.. Sounds to me like either some browser-cache that remembered a 'permanent-redirect', or the webserver itself was maybe sending a redirect you didnt expect.?.

        1 Reply Last reply Reply Quote 0
        • K Offline
          killmasta93
          last edited by

          Thanks for the reply, so my question is what am i missing? would be something like host starts with? then redirect the acl?

          Tutorials:

          https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

          P 1 Reply Last reply Reply Quote 0
          • P Offline
            PiBa @killmasta93
            last edited by

            @killmasta93 said in HAproxy issue with 2 domains?:

            issue is that when someone puts www.mydomain2.com it redirects to mydomain.com

            The haproxy config as shown does not do that.. You will have to search for the cause of the issue at a different location.

            • Browser cache
            • Webserver
            • Web-application

            Try a curl request, to haproxy? Try a curl request to the webserver? (including the "Host: www.mydomain2.com" header in each request) Does it also show a redirect in response? You will first have to figure out what component is causing the problem, and either fix that, or then decided to workaround it.. All i can tell is that your haproxy configuration is not the issue.

            1 Reply Last reply Reply Quote 0
            • K Offline
              killmasta93
              last edited by

              Thanks for the reply, so after many hours it was the HAproxy redirect rule i had to add 2 more rules

              on the ACL added web2 and web3 host matches www.mydomain.com and www.mydomain2.com

              on the bottom on actions add http-request redirect with the rule rule: prefix https://mydomain.com and the same thing for the mydomain2.com

              for anyone else that has this issue do the following.

              Hope this helps

              Tutorials:

              https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.