HAproxy issue with 2 domains?



  • Hi,
    I was wondering if someone could shed some light on the issue I'm having. I currently have pfSense 2.3.5 working well with HAProxy with 2 domains and 1 subdomain. The issue is that when someone puts in www.mydomain2.com, it redirects to mydomain.com.
    I have a rule which redirects all HTTP to HTTPS, and I think that is what might be the issue.
    My question is: how can I set it up so that www.mydomain2.com and www.mydomain.com redirect correctly?
    Or how can I redirect all WWW to the correct domain?

    # Automaticaly generated, dont edit manually.
    # Generated on: 2019-01-28 15:48
    global
    	maxconn			500
    	stats socket /tmp/haproxy.socket level admin 
    	gid			80
    	nbproc			1
    	hard-stop-after		15m
    	chroot				/tmp/haproxy_chroot
    	daemon
    	server-state-file /tmp/haproxy_server_state
    
    listen HAProxyLocalStats
    	bind 127.0.0.1:2200 name localstats
    	mode http
    	stats enable
    	stats admin if TRUE
    	stats show-legends
    	stats uri /haproxy/haproxy_stats.php?haproxystats=1
    	timeout client 5000
    	timeout connect 5000
    	timeout server 5000
    
    frontend SharedFrontend-merged
    	bind			190.157.xxx.xx:443 name 190.157.xxx.xx:443
    	mode			tcp
    	log			global
    	timeout client		30000
    	tcp-request connection set-src str(192.168.1.1) if { src 192.168.1.0/24 }
    	tcp-request inspect-delay	5s
    	acl			mydomain	req.ssl_sni -i mydomain.com.co
    	acl			mydomain2	req.ssl_sni -i mydomain2cosmeticos.com
    	acl			cloud	req.ssl_sni -i cloud.mydomain2cosmeticos.com
    	tcp-request content accept if { req.ssl_hello_type 1 }
    	use_backend Backend1_ipv4  if  mydomain 
    	use_backend Backend2_ipv4  if  mydomain2 
    	use_backend Backend3_ipv4  if  cloud 
    
    frontend HTTPTOHTTPS
    	bind			190.157.xxx.xx:80 name 190.157.xxx.xx:80
    	mode			http
    	log			global
    	option			http-keep-alive
    	timeout client		30000
    	tcp-request connection set-src str(192.168.1.1) if { src 192.168.1.0/24 }
    	acl			mydomain	var(txn.txnhost) -m str -i mydomain.com.co
    	acl			mydomain2	var(txn.txnhost) -m beg -i www.mydomain2cosmeticos.com
    	acl			cloud	var(txn.txnhost) -m str -i cloud.mydomain2cosmeticos.com
    	http-request set-var(txn.txnhost) hdr(host)
    	http-request redirect scheme https  if  mydomain 
    	http-request redirect scheme https  if  mydomain2 
    	http-request redirect scheme https  if  cloud 
    
    backend Backend1_ipv4
    	mode			tcp
    	id			10100
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	source ipv4@ usesrc clientip
    	server			mydomain 192.168.1.229:443 id 10101 check inter 1000  
    
    backend Backend2_ipv4
    	mode			tcp
    	id			10102
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	source ipv4@ usesrc clientip
    	server			mydomain2 192.168.1.230:443 id 10101 check inter 1000  
    
    backend Backend3_ipv4
    	mode			tcp
    	id			10103
    	log			global
    	timeout connect		30000
    	timeout server		30000
    	retries			3
    	source ipv4@ usesrc clientip
    	server			cloud 192.168.1.250:443 id 10101 check inter 1000
    

    This is the config

    Thank you



  • @killmasta93
    Seems to me that a request for https://www.domain2.com would end in a closed connection, as none of the ACLs actually match that request. And the only redirects that haproxy does are regarding the 'scheme'; it would not direct a client to a different domain by that. Sounds to me like either some browser cache that remembered a 'permanent-redirect', or the webserver itself was maybe sending a redirect you didn't expect?



  • Thanks for the reply. So my question is, what am I missing? Would it be something like host starts with? Then redirect the ACL?



  • @killmasta93 said in HAproxy issue with 2 domains?:

    issue is that when someone puts www.mydomain2.com it redirects to mydomain.com

    The haproxy config as shown does not do that. You will have to search for the cause of the issue at a different location.

    • Browser cache
    • Webserver
    • Web-application

    Try a curl request to haproxy? Try a curl request to the webserver? (Including the "Host: www.mydomain2.com" header in each request.) Does it also show a redirect in response? You will first have to figure out what component is causing the problem, and either fix that, or then decide to work around it. All I can tell is that your haproxy configuration is not the issue.



  • Thanks for the reply. So after many hours, it was the HAProxy redirect rule; I had to add 2 more rules.

    On the ACL, added web2 and web3: host matches www.mydomain.com and www.mydomain2.com

    At the bottom, on actions, add http-request redirect with the rule: prefix https://mydomain.com and the same thing for mydomain2.com

    For anyone else that has this issue, do the following.

    Hope this helps
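
The fix described in the last post, written out as HAProxy configuration. This is an added example, not the poster's actual config: the ACL names web2/web3 and the host names are taken from the post, the `code 302` is an assumption, and the lines are meant to sit inside the existing port-80 frontend with its bind and timeout lines unchanged.

```haproxy
frontend HTTPTOHTTPS
	mode			http
	# (bind, log and timeout lines stay as in the generated config)

	# Exact, case-insensitive Host matches for the www names.
	acl			web2	hdr(host) -i www.mydomain.com
	acl			web3	hdr(host) -i www.mydomain2.com

	# Send each www name to its own bare domain over HTTPS.
	# "prefix" keeps the request path and query string; the target host is
	# fixed in the rule instead of being copied from the client's Host header.
	# 302 is used so browsers do not cache the redirect permanently while the
	# rules are still being tested.
	http-request redirect prefix https://mydomain.com code 302 if web2
	http-request redirect prefix https://mydomain2.com code 302 if web3

	# The existing "http-request redirect scheme https" rules for the bare
	# names and the cloud subdomain follow here unchanged.
```

These rules only act on plain HTTP requests arriving on port 80. The port-443 frontend runs in TCP mode and routes on SNI, so a direct https://www… request is matched only if that frontend also has an SNI ACL for the www name.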

