HAProxy - Trailing Slash Mandatory or No Access??



  • Hello! I'm new to HAProxy and I'm running 4 domains off of it currently:

    Frontend
    aa44d4eb-60e9-4686-ab29-b58117054ed0-image.png

    One of the backends:
    9336ca22-ac61-4ace-b35c-0a964476262c-image.png

    I do have SSL offloading on them that works well, everything works as intended until the moment a link loads without a trailing slash..

    Broken: (times out and exposes port)
    98cb35ee-b161-4836-a170-3b7b5ded93ec-image.png

    Fixed:
    cc2b9548-04c1-437b-9e2a-045dc1866ac0-image.png

    Broken: (Just shows NGinx port and takes HTTPS off, also times out)
    434f16bd-11e0-4aeb-a17e-86173bed2662-image.png

    Fixed: (only added a trailing slash)
    93de5e76-281c-4283-95f8-564aa1332124-image.png

    All I did was take out index.php and it worked! I would think it's a config issue but websites that worked before being put on HAProxy now have this problem. It doesn't matter if there's a trailing slash or not on the default domain, but once there's a folder or file that doesn't end with a trailing slash then it crashes and just doesn't function. I'm very new to HAProxy and am unsure of what to do, any help will be appreciated!



  • @Soarin
    Seems to me that phpmyadmin and that other site think the trailing slash is mandatory, and try to redirect the client if it didn't enter it.

    That redirect however is using the wrong 'root url' to create the redirect..

    It seems that in phpmyadmin you can configure a setting that tells it the proper root url: "PmaAbsoluteUri"

    https://github.com/phpmyadmin/phpmyadmin/blob/23c35798044de9c18811f2623f7133f3dcb33bde/libraries/config.default.php#L40

    I think that would solve the issue for phpmyadmin.. As for why the '/test' url also sends a 'wrong' redirect.. probably due to how the nginx webserver tries to redirect clients as well when they attempt to access a not existing file.?



  • Hi,

    Did you create a backend for each server you are directing the front end to? The front end cannot go to a web site URL it has to be linked to a Haproxy backend.

    For an example take a look at:

    https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki



  • @PiBa Thank you for the reply, I'll try that solution shortly for PhPMyadmin! That seems to be handy specifically for this, however as for the other sites doing it, they are just straight up directories and before HAProxy they worked fine.

    I'm not sure if this is related but I can type in fake directories alongside my URL and it'll load them, albeit it'll just be the homepage of the website but it won't shoot out any errors. Could this be apart of the whole misconfiguration problem?

    Thank you for the reply, for testing purposes I had put my Nginx server back on port 443 (not opened, still under HAProxy) and PhPMyAdmin wasn't redirecting to that port 9220 anymore however when I'd login it'd just send me back to the dieselworks.arktechhosting.com page as if the /phpmyadmin/ part never existed on the URL. This is a friend's site I'm hosting for him but using similar config to what I had used but worked for my webserver, that same trailing slash problem persists along with it redirecting with port 443 set.
    It seems like it'd work with NGinx on 443 because it'd be redirecting the browser to a port that HAProxy is listening for it so it could go back through the frontend? I am unsure, is there a config for this? I looked in a lot of places and couldn't find a solution. ☹

    @cjbujold Thank you for replying, yes the frontend does redirect to the backend and everything functions normally but redirects and URLs break easily under HAProxy (such as no trailing slash on an existing directory and PhPMyAdmin). I am unsure of why this is.



  • @Soarin
    They break because the webserver which listens on :9220 doesn't know the the client is connecting to :443 and then when it includes 'absolute links' or tries to redirect from one page to another it will send the wrong location to the client.. Which then tries to follow that and fails to connect to :9220 which isnt available from 'outside'.. Best way to solve this is to make the webserver / webapplication 'aware' that the client uses https://domain:443/ as with phpmyadmin the "PmaAbsoluteUri" setting does, or convince the webserver/webapplication to only send 'relative' paths and not absolute ones...

    For the 'wrong' redirect's you could probably configure haproxy to replace the wrong 'Location:' header with the correct one..
    If 'absolute links' which point to :9220 are in the 'body' of the webserver replies / the webpage served, then your basically out of luck as haproxy will not replace that content inside the body of a reply.. (unless you go for some custom heavy duty Lua scripting....)


Log in to reply