Haproxy redirect on 443


#1

I was using .htaccess to redirect users to cloud.

Here is my config in apache mod.i put in some dummy urls. it needs to redirect on port 443.
I need to switch over to Ha Proxy, I am using the latest stable haproxy. 1.8

Options +FollowSymLinks
RewriteEngine on
RewriteRule ^token. https://123.testing.io:443/oauth/token [R=301,L] RewriteRule ^test2.* https://345.testing.io:443/svc/device/dev?limit=100 [R=301,L]
RewriteRule ^test3.
$ https:/456.testing.io:443/svc/v1/com/devices [R=307,L]

so basically when someone goes to the server with /token it forwards them to the cloud url on port 443. The requests are also being sent on port 443.
cant figure out how to get these to work in haproxy. backend needs IP not url.
These urls are in aws cloud, I cannot use IP address only url.
can someone assist please.
thank you.


#2

anyone got any ideas ?


#3

I don’t know what this apache configuration does.

redirect scheme https if !{ ssl_fc }

What’s a cloud URL?

Are you trying to say that in the haproxy backend configuration you can only put ip addresses and your backend will be AWS with hostnames?

Actually you can use hostnames and configure dynamic DNS resolution.


#4

correct.
I do not have an IP address to forward to. I only have the urls.
And what I have read in the backend you can only put an IP, and I do not have IP addresses in AWS, only urls.

cloud url is just the url to the cloud site. no IP address.


#5

You can use hostnames and use the DNS resolver, as explained above.


#6

ok. is there a way to redirect the urls without using a backend ?


#7

Yes, use the http-request redirect option.


#8

this option works with https ?
the requests are being sent to port 443 on https, and forwarded on the same. Doesnt that work with just http ?


#9

When you terminate SSL on haproxy (meaning you have the certificate and the private key and use it in haproxy), and you are in http mode, then you can do everything.

When you don’t terminate SSL, there is no way to intercept, redirect or do anything with the request (other than forwarding plain TCP with encrypted SSL).