Hi
Can we have a haproxy.cfg without backend members , we want to use the hap solely for redirection only .
Please let me know if more info is needed…
Absolutely.
@lukastribus Could you please help me, of how we can do that, with an example syntax would be immensely helpful. Thanks in advance .
Sure, just provide the current configuration you already have an I will make a suggestion.
Yeah sure ,here iam trying to redirect ab.com to cd.com but would want it by bypassing the backend section
frontend http-in
bind *:8080
mode http
acl valid_method method DELETE PUT GET POST OPTIONS PATCH
http-request deny if ! valid_method
acl url_ab url_beg /dum
acl url_ab_hdr hdr(host) -i [http://ab.com](http://ab.com/)
redirect prefix [http://cd.com](http://cd.com/) code 301 if { hdr(host) -i [http://ab.com](http://ab.com/) }
default_backend default_backend
backend default_backend #not of any use
balance roundrobin
cookie SERVERID insert indirect nocache
server workernode1 :9000 weight 1 maxconn 512 check cookie ab_dum
You’d remove the backend section, and the default_backend directive pointing to that backend. Notice that the host header is not http://ab.com/, but ab.com.
frontend http-in
bind *:8080
mode http
acl valid_method method DELETE PUT GET POST OPTIONS PATCH
http-request deny if ! valid_method
redirect prefix http://cd.com code 301 if { hdr(host) -i ab.com }yes, done. But when i remove them it throws a 503 service unavailable error ,rather than redirecting .
Browsers probably include the port number here, seeing as this is a non-standard port 8080.
Try:
redirect prefix http://cd.com code 301 if { hdr(host) -i ab.com:8080 }Still no luck , stil throws a 503 service unavailable 
Can you provide the output of a curl -vv http://ab.com/ call?
Works fine for me:
$ curl -vv --resolve ab.com:8080:10.0.0.33 http://ab.com:8080/asdasd
* Added ab.com:8080:10.0.0.33 to DNS cache
* Hostname ab.com was found in DNS cache
* Trying 10.0.0.33...
* TCP_NODELAY set
* Connected to ab.com (10.0.0.33) port 8080 (#0)
> GET /asdasd HTTP/1.1
> Host: ab.com:8080
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< content-length: 0
< location: http://cd.com/asdasd
<
* Connection #0 to host ab.com left intact
$curl -vv http://ab.com
GET / HTTP/1.1
User-Agent: curl/7.29.0
Host: ab.com
Accept: /
- HTTP 1.0, assume close after body
< HTTP/1.0 302 Found
< Location: https://ab.com/
< Server:
- HTTP/1.0 connection set to keep alive!
< Connection: Keep-Alive
< Content-Length: 0
<
- Connection #0 to host ab.com left intact
Strange , could you please share the exact config u had used ?
What you are showing here does not match with what you configured and what you explained. Is haproxy running on port 8080 or not? Because you are pointing curl to a service on port 80, not 8080. Also it is redirecting to https on the standard port, not returning a 503 error as you said.
So I’m not sure what happens.
The configuration I use is:
frontend http-in
bind *:8080
mode http
acl valid_method method DELETE PUT GET POST OPTIONS PATCH
http-request deny if ! valid_method
redirect prefix http://cd.com code 301 if { hdr(host) -i ab.com:8080 }
And I’m running curl against it (destination IP is 10.0.0.33):
curl -vv --resolve ab.com:8080:10.0.0.33 http://ab.com:8080/asdasdWhat we are trying to do is that, we have an LB that is listening at port (say 9000) and we have hap as docker container ,that when initialized is mapped as -p 8080:9000 ,
so user req hits the lb at 80 request moves via 9000 to 8080 hap inturn to a backend (this is my understanding,correct me if iam wrong )
now when iam trying to access the app at browser m getting a 503 ,but not in curl .
I have tried the exact config changing the port and everything ,still no luck.
Would you be having any active implementation of such a scenario ,that i can take a reference of ?
There is no point in looking at other haproxy configurtions or implementations. The above configuration works.
You need to troubleshoot the problem, understand what host header arrives at haproxy to be able to match the correct one, and understand where exactly the 503 error is coming from.
For example: in your browser open the developer tools (F12 in most browser) and review all the request and responses. Also enable haproxy logging and compare with the dev tools informations.
If you want to exclude the host header match for now, just redirect unconditionally (be removing the ACL condition):
redirect prefix http://cd.com code 301The redirect is working perfectly for
redirect prefix https://cd.com code 301
But however when i add the if condition
redirect prefix https://cd.com code 301 if { hdr(host) -i https://ab.com:8080 } or
redirect prefix https://cd.com code 301 if { url_beg /abc }
it returns a 503 denoting failure of redirection as the redirection rule itself is not being processed ( doesnt make sense for hap) .
The HAP log shows http_request:GET /abc HTTP/1.1 with termination state as SC
Ps:503 is the default output that ab.com gives when no hap redirect is configured
Please let me know any suggestions wrt this ?
The ACL does not match. You need to know what’s in the Host header to write a rule matching that host header.
What are you literally writing in the address bar of the browser EXACTLY when accessing haproxy, expecting the redirect?
In that case you did not tell me the whole story, because your haproxy is not configured for TLS termination.
What we are trying to do is that, we have an LB that is listening at port (say 9000 with abc.com) and we have hap as docker container ,that when initialized is mapped as -p 8080:9000 ,
so user req hits the lb at 80 request moves via 9000 to 8080 hap inturn to a backend .SSL termination is handled at the f5 LB itself and we would need the haproxy to solely take care of the redirection alone .
And right now we are trying for redirect of url to happen based on the context path as condition .