Cannot publish subpages with HAProxy



  • Hello,

    My config is like;

    WAN (157.56.172.28)-> Juniper FW (192.168.1.75)-> HTTP ->MS ISA Server (192.168.1.253)-> www.test.com (192.168.1.1)
    WAN (157.56.172.28)-> Juniper FW (192.168.1.75)-> HTTP ->MS ISA Server (192.168.1.253)-> www.test.com/hello/ (192.168.1.2)

    It's very easy to do this with ISA Server but i want to switch Pfsense. So i've installed HAProxy and i can publish www.test.com (192.168.1.1) but couldn't create correct rules for www.test.com/hello/ (192.168.1.2).

    Whenever i go for www.test.com/hello/ it goes to 192.168.1.1 instead of 192.168.1.2, can someone help me how to create a correct config. for this setup?

    Thanks



  • What rules did you make? Can you share the haproxy.cfg ?



  • Sorry cant do that but it wouldnt matter anyway because i have no idea how to write config for subpages. I've searched net whole day but couldn't find single example regarding this subject. So if u guys show me some example configs i think i can figure out the rest.

    I've created two backends pointing port 80 to 192.168.1.1 and 192.168.1.2. Tried a to create a primary frontend with two shared frontends but no idea how to create correct ACL's to get this work.



  • Perhaps look at the native haproxy manual:
    http://cbonte.github.io/haproxy-dconv/1.7/snapshot/configuration.html#7.2
    The way they do it for "/images"

    In the haproxy package on pfSense youl need to define an acl to match /images and a usebackend action to then go to the right backend if the acl matches.



  • Has there been any progress on this I am in the same boat..

    Cheers

    Rich



  • If your in the same boat, then look at the same manual as linked above.. Or ask your question is a separate forum thread and i can try to help you there. Maybe i we can try and learn how to fish, instead of giving you a fish..



  • @PiBa

    Sounds like a plan if i work it out all on my own I will defo update this Thread…  ;D

    Cheers

    Rich



  • Reading other forums etc.. I have come up with the below config, but it does not seem to work… can anyone point out what might be wrong

    Listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats admin if TRUE
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

    frontend SHFD-merged
    bind XXX.XXX.XXX.XXX:443 name XXX.XXX.XXX.XXX:443 ssl  crt /var/etc/haproxy/SHFD.pem 
    bind 192.168.23.1:443 name 192.168.23.1:443 ssl  crt /var/etc/haproxy/SHFD.pem 
    mode http
    log global
    option httplog
    option http-keep-alive
    option forwardfor
    acl https ssl_fc
    http-request set-header X-Forwarded-Proto http if !https
    http-request set-header X-Forwarded-Proto https if https
    timeout client 86400000
    acl AURL path_end -i /Automation
    use_backend Automation_Server_http_ipvANY  if  AURL

    backend Automation_Server_http_ipvANY
    mode http
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    server AutoMate 192.168.23.2:8099

    Cheers

    Rich



  • It looks like youve disabled healthchecking on the server, if you enable it for http, does the server show up 'green' on the stats page? If not some info here: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/haproxy_troubleshooting

    Other than that are you sure the path 'ends' on /Automation ? For testing what curl command are you running?

    Does http://192.168.23.2:8099/Automation show a (error?)response from the webserver when visited with a browser?



  • Hi PiBa,

    I believe i know what might be wrong but unsure how to fix this… have change the path_end to Path_begins. but also noticed the internal path should be http://192.168.23.2:8099/* Correct me if I am wrong like you point out below it requesting the URL to http://192.168.23.2:8099/Automation internally

    Do you know the best way of achieving this?

    Cheers

    Rich



  • on the backend i have added the following line to

    "Backend pass thru"
    reqrep ^([^\ :])\ /Automation/(.)    \1\ /\2

    This seems to work is it possable to drop off the last forward slash / ?

    Cheers

    Rich