How to add header to per server backend


#1

Hi

i have a unique requirement. We have to add a custom header for every backend server definition. This header will be analysed by downstream SSO agent and forward to appropriate IP address specified in header after authentication. This custom header contain iP address of router . SSO servers running from different servers. RP server simple send all incoming traffic to SSO server as shown below example.

SSO server doesn’t have too much intelligent except look into header send by RP server and forward to appropriate IP address after authentication was done.

request flow:

url --> HAProxy RP server --> SSO server --> DC specific router --> application

RP server simply send traffic to SSO server for all traffic. SSO server does authentication and look for X-SSO hader. based on the IP address of this header, it will forward to that IP address.

I want to a rule something like below

acl is_sales4 hdr(host) -i sales-sso-mvdc.example.com
use_backend sales4_backend if is_sales4

backend sales4_backend
cookie SERVERID insert indirect nocache
balance roundrobin
server server4 sso_server1:3000 check cookie sales-sso-dc1 http-request set-header X-SSO 10.42.137.158
server server5 sso_server2:3000 check cookie sales-sso-dc2 http-request set-header X-SSO 10.42.137.158

I knew it is not possible. i checked HAProxy documentation. server options doesn’t support per server http-request header setting. We can set up only at backend definition but not per server basis. I can’t use conditional http-request also since it doesn’t have any such unique criteria.

Thanks in advance.


#2

Hi

Any ideas or suggestions for above problem?

Srinivas Kotaru


#3

You should check the directive “http-send-name-header”. It allows you to insert the server name into a given header field before passing the request to the server. It was designed exactly for this purpose.


#4

Willy

Thank you very much. It is working. below is sample config

backend sales4_backend
cookie SERVERID insert indirect nocache
option httpchk HEAD /pingpong.html HTTP/1.1\r\nHost:\ sales-sso-multidc.example.com
http-check expect ! rstatus ^5
http-send-name-header X-SSO
balance roundrobin
server 10.42.137.158 server1:3000 ssl verify none check cookie sales-sso-dc1 inter 2000 rise 2 fall 3
server 10.42.136.152 server1:3000 ssl verify none check cookie sales-sso-dc2 inter 2000 rise 2 fall 3

now downstream SSO agent was able to see x-sso header with IP’s. These IP represent router where SSO agent has to forward after authentication. so far so good

am having issues at health probes. I still need to send this header and IP even for health probes also. By default health probes not honoring http-send-name-header . when health probes are send to downstream server ( SSO agent), it was unable to decide where to forward since x-sso and IP missing.

I used below approach but that also not working. I need help to verify whetehr it is possible to send header for probes

backend sales4_backend
cookie SERVERID insert indirect nocache
option httpchk HEAD /internal-check
http-check expect ! rstatus ^5
http-send-name-header X-SSO
balance roundrobin
server 10.42.137.158 server13000 ssl verify none check cookie sales-sso-dc1 inter 2000 addr 127.0.0.1 port 49170 rise 2 fall 3
server 10.42.136.152 server1:3000 ssl verify none check cookie sales-sso-dc2 inter 2000 addr 127.0.0.1 port 49171 rise 2 fall 3

listen monitor-mdm_prod_head_1
bind 127.0.0.1:49170
monitor-uri /internal-check
monitor fail if { nbsrv(monitor-mdm_prod_head_1) eq 0 }
option httpchk HEAD /pingpong.html HTTP/1.1\r\nHost:\ sales-sso-multidc.example.com\r\nX-SSO:\ 10.42.137.158
http-check expect ! rstatus ^5
server mdm_prod_head_1 server1:3000

listen monitor-mdm_prod_head_2
bind 127.0.0.1:49171
monitor-uri /internal-check
monitor fail if { nbsrv(monitor-mdm_prod_head_1) eq 0 }
option httpchk HEAD /pingpong.html HTTP/1.1\r\nHost:\ sales-sso-multidc.example.com\r\nX-SSO:\ 10.42.137.152
http-check expect ! rstatus ^5
server mdm_prod_head_1 server1:3000

am getting below error in logs

May 10 01:47:22 skotaru-vm1 haproxy-80[8045]: Health check for server sales4_backend/10.42.137.158 failed, reason: Layer7 invalid response, info: “<3C>!DOCTYPE html PUBLIC <22>-//W3C//DTD XHTML 1.0 Transitional//EN<22> <22>http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd<22><3E>”, check duration: 0ms, status: 2/3 UP.

I tried multiple combinations with option httpchk with

option httpchk HEAD /pingpong.html HTTP/1.1\r\nHost:\ sales-sso-multidc.example.com\r\nX-SSO:\ 10.42.137.152\r\n\r\n

(or)
option httpchk HEAD /pingpong.html HTTP/1.1\r\nHost:\ sales-sso-multidc.example.com\r\nX-SSO:\ 10.42.137.152\r\n

Questions/

  1. is it possible to send another header along with Host: with helath probes?
  2. if Yes what is the syntax.

Thanks you very much in advance.

Srinivas Kotaru