HAProxy 301 Redirect
-
Hi All,
I have a working instance of HAProxy 1.8.30-c248dab on psSense 2.6.0 but having issues doing a 301 redirect e.g. www.example.net to www.example.com.
In the frontend for the www.example.net acl I have the action "http-request redirect code 301 location www.example.com".
But when I go to www.example.net the url isn't redirected and I get "503 Service Unavailable No server is available to handle this request". www.example.com is available to handle requests.
No doubt its something fairly simple but I just can't figure it out. I've checked the ordering of the actions but it doesn't seem to make any difference.
Any tips would be appreciated.
John
-
@johnoatwork
Seems the request doesn't match the ACL.
Post the whole configuration to get closer to the reason. -
Thanks for coming back! Relevant parts of the config:
frontend SharedFrontendHTTPS bind xxx.xxx.xxx.xxx:443 name xxx.xxx.xxx.xxx:443 ssl crt-list /var/etc/haproxy/SharedFrontendHTTPS.crt_list mode http log global option http-keep-alive option forwardfor acl https ssl_fc http-request set-header X-Forwarded-Proto http if !https http-request set-header X-Forwarded-Proto https if https timeout client 30000 acl www.example.com var(txn.txnhost) -m str -i www.example.com acl www.example.net var(txn.txnhost) -m str -i www.example.net acl aclcrt_SharedFrontendHTTPS var(txn.txnhost) -m reg -i ^([^\.]*)\.example\.com(:([0-9]){1,5})?$ acl aclcrt_SharedFrontendHTTPS var(txn.txnhost) -m reg -i ^example\.com(:([0-9]){1,5})?$ http-request set-var(txn.txnhost) hdr(host) http-request redirect code 301 location www.example.com if www.example.net aclcrt_SharedFrontendHTTPS use_backend WEB01_ipvANY if www.example.com aclcrt_SharedFrontendHTTPS frontend SharedFrontendHTTP bind xxx.xxx.xxx.xxx:80 name xxx.xxx.xx.xxx:80 mode http log global option http-keep-alive option forwardfor acl https ssl_fc http-request set-header X-Forwarded-Proto http if !https http-request set-header X-Forwarded-Proto https if https timeout client 30000 acl www.example.com var(txn.txnpath) -m str -i www.example.com acl www.example.net var(txn.txnpath) -m str -i www.example.net http-request set-var(txn.txnpath) path http-request redirect scheme https backend WEB01_ipvANY mode http id 105 log global timeout connect 30000 timeout server 30000 retries 3 server WEB01 xxx.xxx.xxx.xxx:80 id 101 -
@johnoatwork
You have to state the whole URL in the redirect location likehttps://www.example.com -
@viragomann
Makes sense, but I've already tried both http and https and changed it to a raw string just to test it. Tested again with full url just then but get the same result.... -
@johnoatwork said in HAProxy 301 Redirect:
http-request redirect code 301 location www.example.com if www.example.net aclcrt_SharedFrontendHTTPSAlso you have a second ACL in this rule, which might not match.
-
@viragomann said in HAProxy 301 Redirect:
Also you have a second ACL in this rule, which might not match.
I had ACLs matching both www.example.com and example.com. I deleted the latter and configured the rule like this:http-request redirect code 301 location www.example.com if www.example.net aclcrt_SharedFrontendHTTPSStill no joy. It's late here in Oz so I'll have another look at it tomorrow. Thanks for you support.
-
I've tried each of the following rules and can't get the redirect working. Any thoughts?
http-request redirect code 301 location www.example.com if www.example.net aclcrt_SharedFrontendHTTPS http-request redirect code 301 location http://www.example.com if www.example.net aclcrt_SharedFrontendHTTPS http-request redirect code 301 location https://www.example.com if www.example.net aclcrt_SharedFrontendHTTPS -
@johnoatwork
Dude, you have two ACLs in this single rule which are mutually exclusive!
So this rule cannot work at all.www.example.net - requires that the host name includes "www.example.net"
aclcrt_SharedFrontendHTTPS - requires that the host name includes "example.com"Both will never match to the requested host. So remove the second ACL from this rule.