HAProxy community

HTTPS frontend to HTTP backend


#1

Hi,
Helps please.

I’m trying to configure this architecture.
Frontend with https and redirection with http in backend.
But when i make it, i always have this error message :
Forbidden
You don’t have permission to access /new/new/ on this server.

But this directory exits in the two backends servers and have 0777 as chmod.

My configuration :

frontend www-http
bind *:80
mode http
option httpclose
option forwardfor

redirect prefix https://www.example.com if { hdr(host) -i example.com }
redirect prefix https://www.example.com if { hdr(host) -i www.example.com }

acl exampleACL hdr_dom(host) -i example.com
use_backend exampleBackend if exampleACL 
default_backend defaultBackendServer

frontend www-https
bind *:443 ssl crt /etc/ssl/certs/adwa/certificate.pem
mode http
option httpclose
option forwardfor

redirect prefix https://www.example.com if { hdr(host) -i example.com }

acl exampleACL hdr_dom(host) -i example.com
use_backend exampleBackend if exampleACL 
default_backend defaultBackendServer

backend defaultBackendServer
mode http
balance source
server SRV-WEB-1 192.168.2.13:80 check
server SRV-WEB-2 192.168.2.14:80 check

backend exampleBackend
mode http
redirect scheme http code 301 if !{ ssl_fc }
balance source
acl no_redir url_beg /new/new/
reqirep ^([^\ :])\ /(.) \1\ /new/new/\2 if !no_redir
server SRV-WEB-1 192.168.2.13:80 check
server SRV-WEB-2 192.168.2.14:80 check


#2

This is an error your webserver is emitting, it is not coming from haproxy. Check your webservers logs.


#3

Thank
I will check it.
But when i open with http, it passe very well!


#4

Thank !
The error is on my apache server.

The error log :
[Sat Oct 07 05:51:44.352524 2017] [authz_core:error] [pid 5454] [client 192.168.2.15:52656] AH01630: client denied by server configuration: /www, referer: https://www.ewample.com/

Please do you have any solution ?


#5

I don’t have a solution for you, I’m not an Apache expert.

Check your Apache configuration, specifically the authz_core configuration:
https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html


#6

Thanks a lot for your help.

Effectivelly, it was my apache configuration which was not good.

I configured a virtual host, so i just remove it.

Thank