Hi
I need to reverse proxy a tomcat application which I cant expose directly onto the internet, and this application uses spring security for login, and is breaking normal reverse proxying.
I am trying to use haproxy to reverseproxy it, but I also need to maintain the haproxy url because I have to reuse the incoming port for different applications (https port), and I am also using haproxy to pass the domain certificate to the browser.
Backend application is at https://backend:8443/backend_url(/.*)
.
I need to be able to keep the url in the browser, as https://haproxy/haproxy_url(/.*)
, but my current configuration keeps changing the URL paths to https://haproxy/backend_url(/.*)
, instead of keeping them as https://haproxy/haproxy_url(/.*)
.
Please how do I hide the root URL path from the end user? My current configuration is like this:
frontend https-in
bind *:443 ssl crt /usr/local/etc/haproxy/ssl/domain.pem
option http-server-close
option forwardfor
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 443
# set HTTP Strict Transport Security (HTST) header
rspadd Strict-Transport-Security:\ max-age=15768000
# some ACLs and URL rewrites...
default_backend https-in-backends
backend https-in-backends
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
http-request del-header X-Forwarded-Port
http-request set-header X-Forwarded-Proto https if { ssl_fc }
stick on src
stick-table type ip size 10240k expire 60m
acl no_redir url_beg /haproxy_url
reqirep ^([^\ :]*)\ /haproxy_url(.*) \1\ /backend_url\2
rspirep ^([^\ :]*)\ (.*)/haproxy_url(.*) \1\ \2/backend_url/\3
server backend_srv backend1:8443/backend_url ssl verify none
`
Please what changes can I make to keep the user seeing the haproxy URL?