HAProxy community

Haproxy error 301 with apache2 rewrite rules


#1

Hi everybody,
I try to setup haproxy as a reverse proxy to redirect web queries to different servers.
But I have a problem with wordpress servers under apache2 using rewrite rules to redirect hhtp queries to https.

On the client side I got a “The page isn’t redirecting properly” message
On the haproxy server I got this in the haproxy.log :

Nov  8 14:12:48 rproxy haproxy[1087]: 10.5.0.176:59316 [08/Nov/2018:14:12:48.122] https-in~ bk_webtest2/webtest2 0/0/0/1/1 301 548 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Nov  8 14:12:48 rproxy haproxy[1087]: 10.5.0.176:59316 [08/Nov/2018:14:12:48.127] https-in~ bk_webtest2/webtest2 0/0/0/2/2 301 548 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Nov  8 14:12:48 rproxy haproxy[1087]: 10.5.0.176:59316 [08/Nov/2018:14:12:48.165] https-in~ bk_webtest2/webtest2 0/0/0/1/1 301 548 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Nov  8 14:12:48 rproxy haproxy[1087]: 10.5.0.176:59316 [08/Nov/2018:14:12:48.185] https-in~ bk_webtest2/webtest2 0/0/0/2/2 301 548 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Nov  8 14:12:48 rproxy haproxy[1087]: 10.5.0.176:59316 [08/Nov/2018:14:12:48.198] https-in~ bk_webtest2/webtest2 0/0/0/1/1 301 548 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
Nov  8 14:12:48 rproxy haproxy[1087]: 10.5.0.176:59316 [08/Nov/2018:14:12:48.219] https-in~ bk_webtest2/webtest2 0/0/0/2/2 301 548 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"

On the apache web server, I got this :

10.5.0.43 - - [08/Nov/2018:12:56:01 +0000] "GET / HTTP/1.1" 301 548 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
10.5.0.43 - - [08/Nov/2018:12:56:01 +0000] "GET / HTTP/1.1" 301 548 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
10.5.0.43 - - [08/Nov/2018:12:56:01 +0000] "GET / HTTP/1.1" 301 548 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
10.5.0.43 - - [08/Nov/2018:12:56:01 +0000] "GET / HTTP/1.1" 301 548 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
10.5.0.43 - - [08/Nov/2018:12:56:01 +0000] "GET / HTTP/1.1" 301 548 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

Here is (part of) my haproxy.cfg :

[...]
frontend https-in
	mode http
	bind *:80
	bind *:443 ssl crt-list /etc/haproxy/crt-list.txt
	acl acl_webtest2 hdr(host) webtest2.pierrefitte93.fr
	use_backend bk_webtest2 if acl_webtest2

backend bk_webtest2
	mode http
	option httpchk
#	option forwardfor except 127.0.0.1
#	http-request redirect scheme https if ! { ssl_fc }
	server webtest2 10.5.0.87:80

And, finally, the apache2 rewrite rule :

#Redirect to SSL version

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Can anybody help me about this problem ?
Regards,
JPW


#2

Don’t redirect in Apache, wordpress will already do that, just make sure you communicate the fact that haproxy is terminating HTTPS properly from Haproxy to Apache and from Apache to wordpress:

In haproxy set the X-Forwarded-Proto header, based on whether the request comes in as HTTP or HTTPS:

http-request set-header X-Forwarded-Proto http if ! { ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }

In Apache, configure something like this:

<IfModule mod_setenvif.c>
  SetEnvIf X-Forwarded-Proto "^https$" HTTPS
</IfModule>

Stolen from:

You can decide whether or not you want to redirect to https on haproxy; it’s probably not necessary because wordpress will do that.


#3

Many thanks, it works perfectly !