HAProxy community

Application behind Haproxy with SSL offloading

Hello guys!

I’m fairly new to haproxy and I hope you guys can help me out.

I have a haproxy setup where I offload SSL. Behind I have two test sites (basic nginx installations on vms) that listen on HTTP:80. I have URL based routing to these on my wan domain:


frontend http_in80
bind ipv4@:80
option forwardfor

redirect scheme https code 301 if !{ ssl_fc }

frontend http_in443

    bind ipv4@:443 ssl crt /var/cert/mydomain.pem
    redirect scheme https if !{ ssl_fc }
    option forwardfor
    acl site1_acl path_beg -i /site1
    use_backend site1_backend if site1_acl

    acl site2_acl path_beg -i /site2
    use_backend site2_backend if site2_acl

backend site1_backend
mode http
reqrep ^([^\ ]\ /)site1[/]?(.) \1\2
server hostname xxx.xxx.xxx.xxx:80 check

backend site2_backend
mode http
reqrep ^([^\ ]\ /)site2[/]?(.) \1\2
server halbs2.web.srvs.atlasz.local xxx.xxx.xxx.xxx:80check

This works fine. The pages get served on https. This leads me to believe this part of my config is ok, but maybe you’ll see something I didn’t.

So now I have an application in my network that listens on 8077 and has to be reached from the internet. So I take the same approach and make an acl and a backend for it like so:

acl myapp_acl path_beg -i /myapp
use_backend myapp_backend if myapp_acl

backend myapp_backend
balance source
stick-table type ip size 10m
stick on src
option forwardfor
option http-keep-alive
mode http
reqrep ^([^\ ]\ /)pwi[/]?(.) \1\2
server myappserver xxx.xxx.xxx.xxx:8077

Took the same approach but the app doesn’t work. Now, I know the app works because for testing I opened it up to the web so on mydomain/myapp:8077 it works just fine. But not through the proxy. The app starts to load and then hangs and times out. Looking at it through firefox devmode I see that it hangs as soon as the several .js files should be served from various subfolders (this is a sencha app) so /ext/whatever/something.js and so on.

Any ideas would be greatly appreciated!


Don’t use paths, but different hostnames instead to route different applications.

Otherwise, haproxy would have to rewrite and correct all wrong links in the HTTP Payload, which is not supported.

Thanks for answering, but what do you mean by routing with hostnames exactly?

    acl site1_acl hdr(host) site1.example.org
    use_backend site1_backend if site1_acl

    acl site2_acl hdr(host) site2.example.org
    use_backend site2_backend if site2_acl

    acl site3_acl hdr(host) site3.example.org
    use_backend site3_backend if site3_acl

No path manipulation, not reqrep in the backend, just straightforward additional DNS entries and haproxy routes based on the HTTP host header, instead of paths.