Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HA-proxy: How to forward url-A to url-B?

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    2
    2
    383
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      louis2
      last edited by louis2

      I installed HA-proxy (develop-version) in order to

      • handle SNI
      • to switch between back end's

      In my actual case port 80 and/or port 443 should be forwarded to the corresponding back-end, where the certificate is at the server, not on HA-proxy/pfSense.
      (HA-proxy should be transparent for the SSL)

      So I defined a back-end pointing to server-A and or server-B
      And defined a corresponding front end pointing to the back-end above. That seems to work.

      However I have also situations where the in comming URL-C should be forwarded to an URL-D some where else on the internet.

      My initial idea was that that 'should be' a back-end function, but that is not the case I think.

      I think this need to be handled in the front-end. So in the front-end under actions, I chooses 'http-request redirect'.

      So far so good ..... however then .. it becomes complicated ....
      I hooped that a simple 'location http://www.toexample.com' would do ..... however it seems to be more complicated.

      I got a warning like ^expects 'code', 'prefix', 'location', 'scheme', 'set-cookie', 'clear-cookie', 'drop-query', 'ignore-empty' or 'append-slash' (was 'localtion').^

      What I want is that
      Selection:
      For access control I choose ^Host ends with^ ^.example.com^

      Is forwarded to ^www.alternative-site.com^

      However 'what is the required rule !!??'

      I hope someone has the answer 😊

      Louis
      PS I assume that 'http-request redirect' can also handle https !?

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @louis2
        last edited by

        @louis2 said in HA-proxy: How to forward url-A to url-B?:

        In my actual case port 80 and/or port 443 should be forwarded to the corresponding back-end, where the certificate is at the server, not on HA-proxy/pfSense.
        (HA-proxy should be transparent for the SSL)

        For access control I choose ^Host ends with^ ^.example.com^
        PS I assume that 'http-request redirect' can also handle https !?

        Sure, it can. But I'm in doubt that HAproxy can read the host header of an encrypted request without having the server certificate and private key for it.
        It can read the SNI at its best. But this might only work in TCP mode and then not for unencrypted traffic.

        So maybe you can configure a separate HTTP frontend listening on port 80 for unencrypted request. Here you can use a host header ACL doing the http-request redirect.
        And configure an additonal SSL/HTTPS TCP mode frontend for port 443, encrypted traffic with an SNI ACL and redirect it to whatever you want.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post