How to redirect non-www or www-without-ssl to www-ssl prefix in haproxy


#1

I am using haproxy 1.8.8 and trying to redirect non-www or www-without-ssl to www-ssl page.

Only following is needed to be redirected and domain has thousands of other subdomains that does not needed to be redirected:

1. http://example.com -> https://www.example.com
2. https://example.com -> https://www.example.com
3. http://www.example.com -> https://www.example.com

I am trying with following configuration, but it is not working properly (partial config below):

frontend www
    http-request redirect prefix https://www.%[hdr(host)] code 301 if { hdr(host) -i example.com }
    http-request redirect prefix https://%[hdr(host)] code 301 if { hdr(host) -i www.example.com } !{ ssl_fc }

With above code, (1) and (2) works perfectly but for (3), it gets redirected to https://www.www.example.com


#2

Works perfectly fine for me:

lukas@dev:~/haproxy$ grep redirect ../cert/2018-may-tests.cfg
        http-request redirect prefix https://www.%[hdr(host)] code 301 if { hdr(host) -i example.com }
        http-request redirect prefix https://%[hdr(host)] code 301 if { hdr(host) -i www.example.com } !{ ssl_fc }
lukas@dev:~/haproxy$ sudo ./haproxy -f ../cert/2018-may-tests.cfg -d
[WARNING] 121/202340 (26317) : Setting tune.ssl.default-dh-param to 1024 by default, if your workload permits it you should set it to at least 2048. Please set a value >= 1024 to make this warning disappear.
Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
        [SPOE] spoe
        [COMP] compression
        [TRACE] trace
Using epoll() as the polling mechanism.
00000000:myfrontend.accept(0005)=000b from [10.0.0.4:50091] ALPN=<none>
00000000:myfrontend.clireq[000b:ffffffff]: GET / HTTP/1.1
00000000:myfrontend.clihdr[000b:ffffffff]: Host: www.example.com
00000000:myfrontend.clihdr[000b:ffffffff]: User-Agent: curl/7.48.0
00000000:myfrontend.clihdr[000b:ffffffff]: Accept: */*
00000001:myfrontend.clicls[000b:ffffffff]
00000001:myfrontend.closed[000b:ffffffff]

Request:

$ curl --resolve www.example.com:80:10.0.0.33 www.example.com -vk
* Added www.example.com:80:10.0.0.33 to DNS cache
* Rebuilt URL to: www.example.com/
* Hostname www.example.com was found in DNS cache
*   Trying 10.0.0.33...
* Connected to www.example.com (10.0.0.33) port 80 (#0)
> GET / HTTP/1.1
> Host: www.example.com
> User-Agent: curl/7.48.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Content-length: 0
< Location: https://www.example.com/
<
* Connection #0 to host www.example.com left intact

Maybe and old haproxy instance is still running in the background with older configuration? Try killing all haproxy processes to make sure. Also share the output of a curl call to this haproxy instance, like I did above.


#3

This issue is resolved.
It was due to cache somehow. To test this, I changed the domain name and it worked properly.

@lukastribus Thanks for your reply.