302 redirect with keep-alive

Help!
1

hey everyone!

Trying to do something that I think should be simple but for whatever reason won’t work… End result I want: an HTTP request for:

http://example.com/foo/bar.jpg

should result in a 302 to

http://acme.com/foo/bar.jpg

but I want the original HTTP request to maintain it’s connection to example.com. My problem is that I see this:

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: http://acme.com/foo/bar.jpg
Connection: close

when I want to see this:

HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: http://acme.com/foo/bar.jpg

and then to see this in curl:

  • Connection #0 to host localhost left intact

I’ve tried every combination of adding “option http-keep-alive” to the defaults, frontend and backend sections. The syntax I’m using, inside of a backend config, looks like this:

http-request redirection location http://acme.com/foo/bar.jpg

Is there any way to configure haproxy to not close the original connection to example.com after doing a redirect to acme.com?

2

Please provide the output of haproxy -vv.

This is most likely depends on the release.

3

HA-Proxy version 1.5.18 2016/05/10
Copyright 2000-2016 Willy Tarreau willy@haproxy.org

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing
OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 7.8 2008-09-05
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.

That’s from my test system… I also see the same problem on 1.7.

Thanks!

AJ

4

figured it out, looks like this was fixed in 1.8:

http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=19b1412e021451d4c7ac39750b556efaaf8639bf

We’ll try to upgrade and see if that fixes things.

5

Yes, it’s also in 1.7.3.