HAProxy URL redirect

xternaal · Feb 24, 2020, 5:26 AM

Hi there,
I have pfsense haproxy setup correctly and working with acme certs.
It successfully proxies from say https://service.contoso.com to 192.168.1.5:5000.

I was wondering how I can setup a http/https redirect in haproxy that redirects or rewrites the url to add the internal DNS suffix when accessing the sites from inside the network. i.e so I can just type "service/" into the url bar and it will convert to https://service.contoso.com (where contoso.com comes from the dhcp search domains).

The reason for this is internally if i just want to quickly access a site and type "service/" (the '/' stops chrome/firefox from undertaking a search on the term) it throws a ssh certificate error because it doesn't include the wildcard *.contoso.com certificate that haproxy and acme cert have created.

PiBa · Feb 25, 2020, 6:09 PM

@xternaal said in HAProxy URL redirect:

ssh certificate error

perhaps you mean SSL ? But anyhow, if you are requesting 'https://service/' and haproxy does not have a certificate matching that domain that the browser trusts, then there is no way to send a http-redirect on HTTP-layer7 if the SSL connection on layer6 did not yet shake hands successfully.. Only after clicking through the certificate warning you will be able to send the HTTP GET request, and get a HTTP redirect back to the desired domain...

If you are requesting http://service/ then it is of-course possible to redirect that to https://service.contoso.com/ .. But im guessing you want the other initial https request scenario to work..?.

xternaal · Mar 19, 2020, 5:36 AM

Thanks for your response. How would i go about doing the http redirect. That would be good enough

Cheers

PiBa · Mar 19, 2020, 9:32 PM

@xternaal
Add a acl X that checks 'host matches: service'
Then add a action that will perform a 'http-request redirect' for fmt: 'location https://service.contoso.com' when the acl X matches.