Reverse proxy (HAproxy) not redirecting to correct servers

pfsenses · May 17, 2013, 10:55 AM

Hi,
I'm running HAproxy full and have set up a bunch of front ends connecting to two servers.
I've named them by their domain name, but am not sure how to tell HAproxy that when traffic comes in on port 80 with the host header for a particular domain, to pick a particular backend server.

It looks like you can pass through cookies and text, but i'm not sure how to or if I can use that to ensure the right frontend is matched up to the correct backend server.

Any ideas?

PiBa · May 20, 2013, 1:46 PM

Hi, when you have 1 ip:port to listen on, and need to decide to send the request to different backends depending on the requested domain, it is required to use 'acl' access control lists with proper criteria.. this doesn't seam to be possible from the "haproxy-full" package, you should probably install the "haproxy" package, or use "haproxy-devel". You can create 2 frontend configurations, and add a "Access Control lists":

Name: "anythingyoulike" Expression: "Host matches:" Value: "your.domain.com"

If you also need this functionality with 'https' then you need to use the "haproxy-devel" package based on the newer HAProxy1.5 branch which has SSL-offloading and SNI support.

pfsenses · May 20, 2013, 11:06 PM

Hi PiBa,
Thank you very much for your time and help.
i'm hoping to get a chance to try your recommendation out tonight and will let you know how I get on.

pfsenses · May 21, 2013, 6:52 AM

Hi PiBa,
That seems to have sorted that issue, i'm now able to use HAProxy to reverse proxy through to various hosts depending which domain name is requested.
I'm now trying to use a path based ACL to redirect to my nagios server when nagios is in the path, but I should have that going shortly.

Thanks again for your help.

pfsenses · May 22, 2013, 8:16 AM

Or not, having quite a bit of trouble getting a path based ACL working.

I'd like to set up my ACL so that I can browse to http://[mydomain]/Path and be redirected to a specific backend.
I've attempted most of the path based rules, has anyone got this working?

PiBa · May 22, 2013, 6:42 PM

Hey, it works, but you do have to close the connections 'forcefully'.

Check the following option for the frontends: "Use 'httpclose' option"

and set a acl like this:
Name:"PathACL" Expression:"Path starts with" Value: "/Path"

please note that the backend does need to serve its content also from http://backend/Path/ folder..

pfsenses · May 22, 2013, 9:24 PM

Thanks PiBa,
I'm currently not using the http close option for the frontends, but the ACL is configured.
I'll make the change tonight and see how it goes.

Thanks again for your help