Backend redirects

Help!
1

Hello,

we have a little configuration problem, maybe some guru can help us. :slight_smile:

Haproxy 1.7.11

blog.example.com = blog
blogde.example.com = blogde

We configured some redirects in the htaccess file of the backend servers.
The redirect should forward from blogde to blog/de/de/. Blogde is an CNAME of blog.

We configured an SSL Cert for “blog” in the frontend config in the Haproxy config. So now the users type in “blogde” and they get an certificate error (SSL_ERROR_BAD_CERT_DOMAIN).
If the users try to reach “blog”, everything is fine.

Is it possible to use the htaccess redirects on the backend servers ?

Thanks in advance.

regards
Patrick

2

You mean the users should always see “blog.example.com”, while the backend expects the host Header blogde.example.com?

You can just (re)set the Host header in the backend:
http-request set-header Host blogde.example.com

3

thanks for your answer.Yes the users should always see “blog/.example/.com” because the SSL Cert is based on blog/.example/.com.
Its a good information, but i want to redirect to an url (not fix) for example like this

“blog/.example/.com/blog/startPage.faces?blogId=599”

The blog id (599) can change if the reached url is (for example)

“bloges/.example/.com”

it should redirect to

“blog/.example/.com/blog/startPage.faces?blogId=520”

The htaccess entrys on the backend servers looks like this

RewriteCond %{HTTP_HOST} blogde/.example/.com [NC]
RewriteRule ^(.*)$ http(s)://blog/.example/.com/blog/startPage.faces?storeId=599 [R=302]

or like

RewriteCond %{HTTP_HOST} bloges/.example/.com [NC]
RewriteRule ^(.*)$ http(s)://blog.example.com/blog/startPage.faces?storeId=502 [R=302]

Hope I explained it clear, its hard, because I can use only two URLs :slight_smile:

thanks again for your help.

regards
Patrick

4

I have bumped your trust level, the forum by default blocks a lot of things from new users for spam reasons.

Let’s see if I understood this correctly, we actually redirect based on a wrong hostname where the SSL certificate doesn’t match in the first place? I’m not sure I understand what you want to achieve and how you want to avoid certificate mismatches then.

http-request redirect location https://blog.example.com/blog/startPage.faces?storeId=599 if { hdr(host) -i blogde.example.com }
http-request redirect location https://blog.example.com/blog/startPage.faces?storeId=502 if { hdr(host) -i bloges.example.com }
5

thanks for the trust level :slight_smile:

http-request redirect location https://blog.example.com/blog/startPage.faces?storeId=599 if { hdr(host) -i blogde.example.com }
http-request redirect location https://blog.example.com/blog/startPage.faces?storeId=502 if { hdr(host) -i bloges.example.com }

works great, you are the best, thank you !!
I have another challenge, additionally to the first one.The htaccess on the backend looks like this

RewriteCond %{HTTP_HOST} blogde.example.com [NC]
RewriteRule ^webapp(/*)$ https://webappblog.example.com/blog/app/?shop=599 [L,R=302]

If someone want to go to blogde.example.com/webapp , the users should redirected to https://webappblog.example.com/blog/app/?shop=599 . Is this also possible, additionally to the first redirect in my post before ?

Sorry I am new at using haproxy…

So many thanks for your great help.

kind regards
Patrick

6

Sure, just put the following rule before the other blogde rule:

http-request redirect location https://webappblog.example.com/blog/app/?shop=599 if { hdr(host) -i blogde.example.com } { path_beg /webapp/ }
7

thanks again, but I´m landing on

https://blog.example.com/blog/startPage.faces?storeId=599

this is the order in the config file

http-request redirect location https://webappblog.example.com/blog/app/?shop=599 if { hdr(host) -i blogde.example.com } { path_beg /webapp/ }
http-request redirect location https://blog.example.com/blog/startPage.faces?storeId=599 if { hdr(host) -i blogde.example.com }

the http log looks like this:

May 30 14:36:01 de-haproxy-jshop haproxy[5247]: 10.98.150.72:53278 [30/May/2018:14:36:01.843] jshop_80 jshop_80/ 0/-1/-1/-1/0 302 136 - - LR-- 2/2/0/0/0 0/0 “GET /webapp HTTP/1.1”

May 30 14:36:01 de-haproxy-jshop haproxy[5247]: 10.98.150.72:53279 [30/May/2018:14:36:01.859] jshop_443~ jshop/jshop10 0/0/1/12/14 200 3827 - - --NR 3/1/0/0/0 0/0 “GET /blog/startPage.faces?storeId=599 HTTP/1.1”

I think the redirect to https://webappblog.example.com/blog/app/?shop=599 is ignored.

Do you have another hint for me ? :slight_smile:

many thanks.

kind regards
Patrick

8

Yeah, looks like the second statement matches anyway. We will need to negate it there:

http-request redirect location https://webappblog.example.com/blog/app/?shop=599 if { hdr(host) -i blogde.example.com } { path_beg /webapp/ }
http-request redirect location https://blog.example.com/blog/startPage.faces?storeId=599 if { hdr(host) -i blogde.example.com } !{ path_beg /webapp/ }
9

many thanks ! works perfect.
I dont know which answer i should mark as solution, you gave me so much solutions. You save me so much time.

Many thanks again.

kind regards
Patrick

1 Like
10

got another request about this topic…is it also possible if someone try to reach https://blogde.example.com direct to redirect the request to https://blog.example.com/blog/startPage.faces?storeId=599 ?

thanks.

11

Sure the path in this case is / :

http-request redirect location https://blog.example.com/blog/startPage.faces?storeId=599 if { hdr(host) -i blogde.example.com } { path / }
12

thanks for your reply. I got also an ERR_CERT_COMMON_NAME_INVALID with { path / } added.
very strange…

13

That doesn’t have anything to do with the redirect and the path /. Look at the actual problem instead (certificate name mismatch).

14

this is correct, but the certificate is installed on blog.example.com and not on blogde.example.com. Thats why we want to redirect to blog.example.com :slight_smile:

15

Then you need to get a certificate for blogde.example.com.