How to Set Host Header Dynamically After Backend Server Selection in HAProxy

Hello Team

I’m working on a setup where I need to dynamically set the Host header based on the backend server that HAProxy selects upon load balancing. My backend configuration looks like this:

backend be
    mode http
    option forwardfor
    balance leastconn
    option httpchk
    http-check send meth GET uri /health
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request add-header X-Forwarded-Host %[req.hdr(host)]

    http-request set-header Host [SERVER_NAME]

    server srv-instance1.com srv-instance1.com:443 check inter 10s fastinter 1s downinter 1m resolvers nimbus init-addr last,libc,none ssl verify none check-sni srv-instance1.com sni str(srv-instance1.com) alpn h2 check-alpn h2
    server srv-instance2.com srv-instance2.com:443 check inter 10s fastinter 1s downinter 1m resolvers nimbus init-addr last,libc,none ssl verify none check-sni srv-instance2.com sni str(srv-instance2.com) alpn h2 check-alpn h2

HAProxy version: 2.6.12
I am using gRPC over HTTP/2 with TLS.

In this setup, I want the Host header to match the name of the server that HAProxy has chosen (e.g., srv-instance1.com or srv-instance2.com).

What I’ve Tried:
I attempted to use http-send-name-header to set the Host header, but it doesn’t seem to be working in my scenario.
Variables like srv_name and srv_id also do not help.

Question:
How can I set the Host header dynamically based on the backend server that HAProxy selects?
Is there a way to achieve this? Any guidance or suggestions would be greatly appreciated!

Thanks in advance!

Your scenario matches the use case of http-send-name-header. Can you elaborate on what exactly happens when you use this feature, without any competing configurations like http-request set-header Host?

But wouldn’t your app need to not be aware of its name in order to run on various servers?

Can you remove encryption?

Or maybe…can you use the external certificate internally?

Or, I know! Set each server in its own backend and loop around through another frontend to select/LB them, then you’d have the ability to send arbitrary anything to them, and you can do it with sockets so you don’t even need ports (it wouldn’t hurt to add send-proxy-v2[-ssl-cn] in server lines, accept-proxy in bind lines).

It might be two frontends or two listens since presumably you could just connect over TCP from backend to frontend, I think, I’m not sure. It’s been a while since I’ve done it.

I just realized I misunderstood something, and I made the little drawing based on that, but nevertheless, it still works so I won’t tell. :upside_down_face:

Running your internal apps through HAProxy is kind of a must anyway, especially if you didn’t write them, only then you can prevent them from loading stuff from other domains.

If you find the solution please post back.

-ssl-cn might not be a good idea on second thought. :thinking:
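
The per-server loop-back layout suggested in the replies above, written out as an added example (not posted by anyone in this thread and not tested against the poster's environment). The listener and socket names `loop1`/`loop2` are assumptions; the server options are copied from the question.

```haproxy
# Added example. loop1/loop2 and the abns socket names are hypothetical.
backend be
    mode http
    balance leastconn
    option forwardfor
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    http-request add-header X-Forwarded-Host %[req.hdr(host)]
    # Load balancing happens here, across local abstract-namespace sockets.
    # "track" makes each loop server follow the health of the real server,
    # so leastconn never picks a loop whose upstream is down.
    server loop1 abns@loop1 proto h2 send-proxy-v2 track loop1/srv-instance1.com
    server loop2 abns@loop2 proto h2 send-proxy-v2 track loop2/srv-instance2.com

# One listener per real server: the Host header is fixed here, after
# the server has effectively been chosen by "backend be".
listen loop1
    mode http
    bind abns@loop1 accept-proxy proto h2
    option httpchk
    http-check send meth GET uri /health
    http-request set-header Host srv-instance1.com
    # "ssl verify none" is kept from the question; it skips validation of the
    # backend certificate. "verify required" with a ca-file authenticates it.
    server srv-instance1.com srv-instance1.com:443 check inter 10s fastinter 1s downinter 1m resolvers nimbus init-addr last,libc,none ssl verify none check-sni srv-instance1.com sni str(srv-instance1.com) alpn h2 check-alpn h2

listen loop2
    mode http
    bind abns@loop2 accept-proxy proto h2
    option httpchk
    http-check send meth GET uri /health
    http-request set-header Host srv-instance2.com
    server srv-instance2.com srv-instance2.com:443 check inter 10s fastinter 1s downinter 1m resolvers nimbus init-addr last,libc,none ssl verify none check-sni srv-instance2.com sni str(srv-instance2.com) alpn h2 check-alpn h2
```

Plain `send-proxy-v2` is used rather than the `-ssl-cn` variant, in line with the last reply; `accept-proxy` on the bind lines lets the inner listeners see the original client address.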