Haproxy apache double 301 redirect - Solved


#1

Hello,

I have haproxy with SSL termination config.

frontend http-in
 log global
 maxconn 50000
 timeout http-request 5s 
 option forwardfor
 bind x.x.x.x:80 
 reqadd X-Forwarded-Proto:\ http
 mode http
 redirect scheme https code 301


frontend secure-s
 log global
 mode http
 maxconn 50000
 option http-server-close
 bind x.x.x.x:443 name seapps ssl crt /usr/local/ssl/wc/nwc_rn.pem crt /usr/local/ssl/wc/fullchain.pem alpn h2,http/1.1
 acl hsts_exists res.hdr_cnt(Strict-Transport-Security) gt 0
 http-response add-header Strict-Transport-Security max-age=31536000;\ includeSubDomains if ! hsts_exists
 rspadd Content-Security-Policy:\ upgrade-insecure-requests

 reqadd X-Forwarded-Proto:\ https
 redirect scheme https code 301 if !{ ssl_fc }
 
 default_backend apps

backend apps
 option forwardfor
 option http-server-close
 option tcp-smart-connect
 cookie SERVERID insert

 server ap1 192.168.1.10:80  maxconn 1000 cookie 1 check
 server ap2 192.168.1.11:80  maxconn 1000 cookie 2 check

On Apache server

<VirtualHost *:80>
ServerName sd.example.com
DocumentRoot /html/static
        
RewriteEngine on

#remove slash
RewriteRule ^/search-(.*?)-products\/$ /search-$1-products [R=301,L]
...
...

</VirtualHost>

Now, When I hit

$curl -I https://sd.example.com/search-hr-ele-equip-products/
HTTP/1.1 301 Moved Permanently
Date: Mon, 21 May 2018 06:44:17 GMT
Server: Apache
Location: http://sd.example.com/search-hr-ele-equip-products
Content-Type: text/html; charset=iso-8859-1
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: upgrade-insecure-requests
Set-Cookie: SERVERID=1; path=/

Location: http://sd.example.com/search-hr-ele-equip-products -----> Again get to https with 301 -I need to eliminate this. Please advise - if I need to add some rules in Apache ?


#2

Looks like all I needed to was - That solved the problem.

RewriteRule ^/search-(.*?)-products\/$ https://%{HTTP_HOST}/search-$1-products [R=301,L]