HAProxy community

How to keep urlpath the same in the browser, while reverse proxying


#1

Hi

I need to reverse proxy a tomcat application which I cant expose directly onto the internet, and this application uses spring security for login, and is breaking normal reverse proxying.
I am trying to use haproxy to reverseproxy it, but I also need to maintain the haproxy url because I have to reuse the incoming port for different applications (https port), and I am also using haproxy to pass the domain certificate to the browser.
Backend application is at https://backend:8443/backend_url(/.*).
I need to be able to keep the url in the browser, as https://haproxy/haproxy_url(/.*), but my current configuration keeps changing the URL paths to https://haproxy/backend_url(/.*), instead of keeping them as https://haproxy/haproxy_url(/.*).
Please how do I hide the root URL path from the end user? My current configuration is like this:

    frontend https-in
        bind *:443 ssl crt /usr/local/etc/haproxy/ssl/domain.pem
        option http-server-close
        option forwardfor
        reqadd X-Forwarded-Proto:\ https
        reqadd X-Forwarded-Port:\ 443
        # set HTTP Strict Transport Security (HTST) header
        rspadd  Strict-Transport-Security:\ max-age=15768000
        # some ACLs and URL rewrites...
        default_backend https-in-backends

    backend https-in-backends
        http-request set-header X-Forwarded-Host %[req.hdr(Host)]
        http-request del-header X-Forwarded-Port
        http-request set-header X-Forwarded-Proto https if { ssl_fc }
        stick                   on src
        stick-table             type ip size 10240k expire 60m
        acl                     no_redir url_beg   /haproxy_url
        reqirep                 ^([^\ :]*)\ /haproxy_url(.*)       \1\ /backend_url\2
        rspirep                 ^([^\ :]*)\ (.*)/haproxy_url(.*)    \1\ \2/backend_url/\3
        server backend_srv backend1:8443/backend_url ssl verify none

`
Please what changes can I make to keep the user seeing the haproxy URL?


#2

I solved this by modifying the response back to the browser, in the backend configuration.

rspirep ^(Location:)\ https://([^/]*)/backend_url(.*)$ \1\ https://\2/haproxy_url\3