This config doesn’t work because HAProxy will try to load https://appserver1.otherdomain.com/application1 in the backend, which doesn’t exist. I Already tried several rewrite settings in the backend config part without any success. Some examples:
It sounds like you need to modify responses to add back the path when HAProxy responds on behalf of the backend server. This is typically done in the Location header.
A word of caution: Some apps will let you play with this. Others send file payloads that include a relative path as the app expects it, so modifying the location header causes a mismatch and breaks things.
Assuming your app allows you to play with the Location header, I think you’re looking for something like this in your backend:
Thank you very much for your reply and effort.
Unfortunately, the config gives an error when validating the config file:
error detected in backend ‘application1’ while parsing ‘http-response set-header’ rule : sample fetch <path]> may not be reliably used here because it needs ‘HTTP request headers’ which is not available here.
This passes configuration checks on my instance of HAProxy. I’m not set up for what you’re trying to do, so I’m not able to test it for actual functionality.
backend application1
# Removes /application1 before sending it to backend.
http-request replace-path /application1(.*) \1
# Adds /application1 to location on response from backend.
http-response replace-header Location (.*) /application1/\1
Once again, there’s a good chance your application won’t like a proxy doing this as it messes with relative paths. I pulled something like this off for a little while by removing /admin from the pi-hole web interface, but an update broke it. I ended up having to let the app set its own paths. If your application supports setting its own paths, that’s the best way to accomplish this.
With this settings the config validates but just gives “Bad Request”.
Like you said: I’ll experiment some more with the values to see if I can get it to work.
I’m well aware that it might never work if paths are not all relative and even then it still might not work. I Will also contact the app vendor to see if they can help by changing their web config to serve from a subfolder.
Thank you very much once again for your time and effort! Much appreciated!
backend from app server (VM with Nginx … classical way) , which contains several apps
balance leastconn
log global
mode http
option forwardfor
stick-table type ip size 1m expire 2m
acl app1 url_beg eq /app1
acl app2 url_beg eq /app2
acl valid_method method GET POST HEAD
acl response-is-redirect res.hdr(Location) -m found
http-request set-header Host fra-test-app1.test.local if app1
http-request set-header Host fra-test-app2.test.local if app2
http-request replace-uri ^/app1/(.*) /\1 if app1 valid_method
http-request replace-uri ^/app2/(.*) /\1 if app2 valid_method
http-response replace-header ^Location (http|https)://fra-test-app1.test.local\/(.*) Location:\ \1://%[hdr(host)]/app1/\2 if response-is-redirect
http-response replace-header ^Location (http|https)://fra-test-app2.test.local\/(.*) Location:\ \1://%[hdr(host)]/app2/\2 if response-is-redirect
This setup works and I get the /app1/… or /app2/… on the global frontend. The difference on the new setup is, that App server is not a classical Nginx host, but Docker (Nginx → PHP-fpm).
If I try the same ruleset, then the /app1 is removed before it reaches the Docker container, but not readded before the global frontend. So images / css and co failing because of the missing “/app1”
I tried also very long … and I don’t understand … what the issue is … the only thing I can imagine is, the Hostname from the Nginx in Docker …
ISSUE FOUND
After a looooot of debug … I’ve found the issue: it was never working that way, we have on the classical setup … these rules where not used at all, except http-request replace-uri ^/app1/(.*) /\1 if app1 valid_method. The backend apps are Symfony and they have a param called virtual_directory whtih was set on the VMs to app1/, but that wasn’t the case on the Docker image. After setting it there too … it started working