Haproxy redirection


#1

Hello.
Sorry, I am a newbie in web technologies and haproxy. Please advise how to achieve the desired result, described below.

CentOS 6.3 and haproxy 1.5.4.

I have several paired https web services. And I want to use haproxy as load balancer and availability checker.
The main and only requirement - full request forward to one of the servers, without https/ssl termination on haproxy.
So I see it like haproxy checks server availability (what I believe it does by default) and sends a redirection request to one of the servers.

For example I have siteA.com and siteB.com which are back-end urls to access server1 and server2 directly. With site.com assigned as front-end of haproxy url.

So we put https://site.com or http://site.com in the web browser and go directly to siteA.com or siteB.com.
Desirably at this point haproxy should give away the connection and let direct communication client - server1 or server2.
Client should see siteA.com or siteB.com and continue to work only with this site till the disconnect.

I configured pass-through mode (included config of /etc/haproxy/haproxy.cfg below).
But what I see when I access site.com is site.com, which is not good.

#------------------- GLOBAL SETTINGS ---------------------------
global
        log 127.0.0.1 local0 debug
        maxconn 4096
        user haproxy
        group haproxy
        daemon

defaults
        log global
        mode http
        option httplog
        option dontlognull
        retries 3
        option redispatch
        maxconn 2000
        timeout connect 5000
        timeout client 50000
        timeout server 50000

#------------------- FRONTEND HTTP ---------------------------
frontend default
        mode http
        option tcplog
        bind *:80

        acl site_acl hdr(Host) -i site.com

        redirect scheme https code 301 if { hdr(Host) -i site.com } !{ ssl_fc }

#------------------- FRONTEND TCP ---------------------------

frontend tcp_in
        mode tcp
        option tcplog
        bind *:8444
        bind *:8445
        bind *:8443
        bind *:443

        tcp-request inspect-delay 5s
        tcp-request content accept if { req.ssl_hello_type 1 }

        acl site_acl req.ssl_sni -i site.com
        use_backend special_site if site_acl

backend special_site
        mode tcp
        balance roundrobin
        option ssl-hello-chk
        server site-A siteA.com:8443 check
        server site-B siteB.com:8443 check

#2

You are looking for Direct Server Return (DSR) I believe.

I'm almost positive that HAProxy will not work, so you will need to use LVS or something similar.


#3

Hello.
DSR does not satisfy requirements of backend servers but it is a very good option.
What about redirect 301? Can we use some rule to just simply redirect to 1 of 2 servers?
I tested with redirect location https://web1.com code 301 if example_acl and it works but I don't know how to redirect to backend block. More details about my config are here -
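
An added example, not part of the thread and not any poster's config: one way to redirect to a health-checked server chosen by a backend block, as asked in #3, is the "redir" server option in an http-mode backend. Hostnames and ports are the ones from #1; the names http_in and site_redirect are made up here, and the response code is 302, not the 301 mentioned in the post.

```haproxy
#------------------- FRONTEND HTTP ---------------------------
frontend http_in
        mode http
        option httplog
        bind *:80

        acl site_acl hdr(host) -i site.com
        use_backend site_redirect if site_acl

#------------------- REDIRECTING BACKEND ---------------------
backend site_redirect
        mode http
        balance roundrobin

        # "redir" only applies to GET and HEAD; any other method would be
        # proxied in clear text to the TLS port, so refuse it here.
        # METH_GET is a predefined ACL that matches both GET and HEAD.
        http-request deny unless METH_GET

        # Instead of forwarding the request, HAProxy answers with
        # "302 Location: <prefix><request URI>", so the browser leaves
        # site.com and talks to the chosen server directly over HTTPS.
        # "check" (TCP connect to port 8443) keeps a server that is down
        # out of the rotation, so clients are never redirected to it.
        server site-A siteA.com:8443 redir https://siteA.com:8443 check
        server site-B siteB.com:8443 redir https://siteB.com:8443 check
```

This covers http://site.com only. A redirect is an HTTP response, so answering https://site.com the same way would require HAProxy to hold a certificate for site.com and terminate TLS for that one response, which the pass-through tcp frontend in #1 cannot do.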