HAProxy: Use UNLESS condition instead of default IF
-
I use onlyoffice/documentserver docker for integration in OwnCloud.
For external access I need to reverse-proxy the ONLYOFFICE docker via HAProxy (besides OwnCloud of course, but that is working fine). For making that work I need to add some custom ACLs and conditions on the backend server in the pfSense HAProxy package. I use the following example: https://github.com/ONLYOFFICE/document-server-proxy/blob/master/haproxy/proxy-https-to-http.cfg based on these patterns described by OnlyOffice: https://helpcenter.onlyoffice.com/installation/docs-community-proxy.aspx
I am able to configure the conditions via the GUI to change the default IF condition (see below) to an UNLESS statement as described in the ONLYOFFICE HAProxy.cfg example.
I cannot find this option or am I missing something? Anyone any experience on this on getting this to work?
Screenshot of the GUI configuration:
In the haproxy.cfg file the GUI configuration results in the following:
```
acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
http-request add-header X-Forwarded-Host %[req.hdr(Host)] if existing-x-forwarded-host
http-request add-header X-Forwarded-Proto https if existing-x-forwarded-proto
```
Below what ONLYOFFICE describes but I am unable to configure this in the GUI. Tried to edit it directly in the config file but that is being overwritten when you restart the HAProxy service (or after a reboot).
```
acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host
http-request add-header X-Forwarded-Proto https unless existing-x-forwarded-proto
```
-
@cwegh
Put an exclamation mark in front of the ACL in the actions.
-
@viragomann That was it, thanks! Searched a lot but couldn't find any documentation on this.
-
@cwegh said in HAProxy: Use UNLESS condition instead of default IF:
@viragomann That was it, thanks! Searched a lot but couldn't find any documentation on this.
I know this is an old thread but I'm still having issues with this, any chance you can post a screenshot on where exactly you place the "!"??
-
@maturola
In front of the ACL name in the actions ACL field. However, there is also a possibility to negate the ACL itself by checking "not".
-
@viragomann said in HAProxy: Use UNLESS condition instead of default IF:
@maturola
In front of the ACL name in the actions ACL field. However, there is also a possibility to negate the ACL itself by checking "not".
Doesn't really work for me, I ended up with a "!" in front of the same,,,
```
backend onlyoffice_ipvANY
    mode http
    id 115
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    load-server-state-from-file global
    acl existing-x-forwarded-host req.hdr(X-Forwarded-Host) -m found
    acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found
    http-request add-header !X-Forwarded-Host %[req.hdr(Host)] if !existing-x-forwarded-host
    http-request add-header !X-Forwarded-Proto https if !existing-x-forwarded-proto
    server onlyoffice 192.168.10.145:80 id 109 ssl verify none
```
Using the "not" check box does yield a ! after the if, which I guess if+! = unless??? I was expecting the "if" to change to "unless" but I guess negating the ACL works the same. However, that still doesn't seem to work to do the SSL offloading for the onlyoffice server; I still get 503 Service Unavailable.
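The two equivalent ways of writing the negated condition discussed in this thread, next to the form that went wrong, as an added example (not any poster's own configuration; only the backend name, ACLs and server address are taken from the posts above). It assumes the document server listens for plain HTTP on port 80, as in the linked https-to-http sample, and the commented `set-header` variant is an addition for the case where this HAProxy is the first proxy clients reach.

```haproxy
backend onlyoffice_ipvANY
    mode http

    # Each ACL is true when the request already carries that header.
    acl existing-x-forwarded-host  req.hdr(X-Forwarded-Host)  -m found
    acl existing-x-forwarded-proto req.hdr(X-Forwarded-Proto) -m found

    # Form that went wrong: the "!" landed in the header-name field, so the
    # action names a header literally called "!X-Forwarded-Host".
    #   http-request add-header !X-Forwarded-Host %[req.hdr(Host)] if !existing-x-forwarded-host

    # Form A, as written in the ONLYOFFICE sample: "unless <acl>".
    #   http-request add-header X-Forwarded-Host %[req.hdr(Host)] unless existing-x-forwarded-host

    # Form B, as the GUI writes it when the ACL is negated ("!" in the action's
    # ACL field, or the "not" box ticked): "if !<acl>" evaluates the same as
    # "unless <acl>". The header name itself carries no "!".
    http-request add-header X-Forwarded-Host  %[req.hdr(Host)] if !existing-x-forwarded-host
    http-request add-header X-Forwarded-Proto https            if !existing-x-forwarded-proto

    # Alternative (added here): when no trusted proxy sits in front of this
    # HAProxy, a client-supplied X-Forwarded-* value would otherwise pass
    # through untouched. set-header replaces whatever the client sent.
    #   http-request set-header X-Forwarded-Host  %[req.hdr(Host)]
    #   http-request set-header X-Forwarded-Proto https

    # Assumption: plain HTTP on port 80 behind the proxy. The "ssl" keyword on
    # a server line makes HAProxy start a TLS handshake with that port, and
    # "verify none" skips certificate validation when TLS is really used.
    server onlyoffice 192.168.10.145:80
```

Running `haproxy -c -f <config file>` checks a hand-written test file for syntax before the same settings are entered in the GUI.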
-
@maturola
I don't believe that 503 has anything to do with the add-header action.
Check the backend status.
-
@viragomann said in HAProxy: Use UNLESS condition instead of default IF:
@maturola
I don't believe that 503 has anything to do with the add-header action.
Check the backend status.
I'm afraid you are right, but everything else is set up exactly the same and all other services work except for onlyoffice so I thought this may be the issue, but I don't think it is.
Sticking with google docs I guess =(
-
@maturola
So what about the backend health? If you go to Status > HAProxy stats, is the backend green there?
-
Here my pfsense configuration in which OpenOffice works. What is your configuration on Nextcloud for Onlyoffice?
-
@viragomann said in HAProxy: Use UNLESS condition instead of default IF:
@maturola
So what about the backend health? If you go to Status > HAProxy stats, is the backend green there?
Well, honestly I'm not sure where the "Green/Red" would be but the back end status looks the same as all other services that are working. (screenshot of onlyoffice and "password" which is bitwarden).
@cwegh said in HAProxy: Use UNLESS condition instead of default IF:
Here my pfsense configuration in which OpenOffice works. What is your configuration on Nextcloud for Onlyoffice?
Thank you, this is how I have it now, but still getting 503 error. I haven't gotten to the Nextcloud config yet as it pings the https://<serveraddress>/healthcheck and that URL gets 503 error (currently).
-
It is normal that the health check fails if your backend is not configured yet. Turn off your health check (set to none) or configure Nextcloud for Onlyoffice and you should be good to go.
-
@maturola said in HAProxy: Use UNLESS condition instead of default IF:
Well, honestly I'm not sure where the "Green/Red" would be but the back end status looks the same as all other services that are working. (screenshot of onlyoffice and "password" which is bitwarden
You've disabled health check. So there is no information on the backend status.