Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy: Adding a Path in Backend Config

    Scheduled Pinned Locked Moved Cache/Proxy
    7 Posts 2 Posters 838 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Gamienator 0G
      Gamienator 0
      last edited by

      Hey everyone,

      I hope you're able to help me out. Behind a Reverseproxy I'm running Uptime-Kuma. The neat part of this is, that you can setup public status pages. What I want is, that the Adminpage should be reachable at
      admin.status.test.com and the public page at: status.test.com. Reason for this is, that I'm able to put another ACL an admin.status.test.com so I'm able to restrict SourceIP Access.

      Now my Question: How am I able to configre the backend? While the admin page is reachable at http://172.16.10.4:3001 the public page is reachable at http://172.16.10.4:3001/status/all So Same IP and Port. Adding /status/all to the address field in the backend results into an error.

      Thanks for your help!

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @Gamienator 0
        last edited by

        @Gamienator-0 said in HAProxy: Adding a Path in Backend Config:

        Reason for this is, that I'm able to put another ACL an admin.status.test.com so I'm able to restrict SourceIP Access.

        You can as well restrict access based on missing the path "/status/all" with an negated "path starts with" ACL if this is your only one aim here.

        Gamienator 0G 1 Reply Last reply Reply Quote 0
        • Gamienator 0G
          Gamienator 0 @viragomann
          last edited by

          @viragomann

          Oh no, I really want to have separate Subdomains to push to other admins just that without an path

          V 1 Reply Last reply Reply Quote 0
          • V
            viragomann @Gamienator 0
            last edited by

            @Gamienator-0
            I suspected this, but you weren't clear. You can insert the needed path with an "http-request set-path" action.

            You might already have created an "Host matches" admin.status.test.com ACL to restrict access to the admin page. I call it "kuma_adm" here.

            So then to insert the path, add an action "http-request set-path" and enter "/status/all/%[path]" below. At Condition acl enter "!kuma_adm", which negates the ACL.

            Basically this should be doable either in the frontend or in the backend. If in the frontend, ensure to put this rule above of the "use backend" rules.

            Gamienator 0G 1 Reply Last reply Reply Quote 0
            • Gamienator 0G
              Gamienator 0 @viragomann
              last edited by

              @viragomann

              Thanks for the advise!

              What do I need to do when I want to set it in the Backend? Year create an action but I‘m confused what the ACL should be.

              This HA Proxy serves multiple services which are separated by subdomains. So yes, I have some match host ACL in the frontend. So if I would use the negate way in your example it would be applied to the other services as well 😅

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @Gamienator 0
                last edited by

                @Gamienator-0
                You can create the same ACL for "Host matches" admin.status.test.com in the backend and use it in the rule.

                Gamienator 0G 1 Reply Last reply Reply Quote 1
                • Gamienator 0G
                  Gamienator 0 @viragomann
                  last edited by

                  @viragomann

                  Thanks! I‘ll set it up tomorrow and report 🤗

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.