Need help with multiple domains, one public IP

Hi, everyone. I’m new here so pardon me if I’m missing any rules.

I need help with my haproxy configuration. I should say I’m also brand new to haproxy so my knowledge gaps will likely be obvious to everyone. Here’s my scenario: I have 2 similar applications that both require the use of port 80/tcp and 443/tcp. Each application sits on its own server with a private IP address behind the single (shared) public address. I have been struggling for a while now with getting haproxy to help direct traffic to both servers. I’ve read that I need to set sticky urls or something like that, in addition to everything else I need to do, but I’m totally clueless on what to do and how to make this work. I need that if users type domain1.com, they should be directed to server1 in my private network and if they type domain2.com, then the traffic should be routed to server2. I should mention that each application has its own letsencrypt certificate. Here’s the configuration I’ve come up with so far.

frontend http_in
        mode http
        option httplog
        bind *:80
        # option forwardfor
        reqadd X-Forwarded-Proto:\ http

        acl host_server1 hdr(host) -i my.domain1.com
        acl host_server2 hdr(host) -i my.domain2.com

        use_backend http_domain1 if host_server1
        use_backend http_domain2 if host_server2


backend http_domain1
        mode http
        option httplog
        # option forwardfor
        redirect scheme https if !{ ssl_fc }
        server server1 192.168.1.100:80 check

backend http_domain2
        mode http
        option httplog
        # option forwardfor
        redirect scheme https if !{ ssl_fc }
        server server2 192.168.1.110:80 check


frontend https_in
        bind *:443 ssl crt /etc/haproxy/certs/
        reqadd X-Forwarded-Proto:\ https
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-backend if letsencrypt-acl

        acl host_server1 hdr(host) -i my.domain1.com
        acl host_server2 hdr(host) -i my.domain2.com

        use_backend https_domain1 if host_server1
        use_backend https_domain2 if host_server2


backend https_domain1
        mode http
        option httplog
        # option forwardfor
        redirect scheme https if !{ ssl_fc }
        server server1 192.168.1.100:443 check

backend https_domain2
        mode http
        option httplog
        # option forwardfor
        redirect scheme https if !{ ssl_fc }
        server server2 192.168.1.100:443 check


backend letsencrypt-backend
        server letsencrypt 127.0.0.1:54321

I’ve not even been able to get past just validating the code, it always errors. Any and all help would be appreciated here. Thanks.

First thing, let’s simplify your script. All that frontend/backend for http can be simplified to one frontend like so:

frontend unsecure
     bind *:80
     redirect scheme https if !{ ssl_fc }

That will force https.

All that being said, for testing, I’d put your logic in the http section and see if it works. If not, then you will have more tools to look at the traffic/issues/etc and see what’s wrong. Once http works, then redirect to https.

One thing to look at, you should have the ssl flag on your server line. Here’s one of my backends:

backend web2
     balance roundrobin
     option forwardfor
     cookie SRVRID insert
     option httpchk HEAD /
     server server1 192.168.1.11:443 ssl cookie 1 check verify none weight 100
     server server2 192.168.1.12:443 ssl cookie 2 check verify none weight 100

Be sure to review the purpose of all those flags and use them if you need them.

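The approach from the reply above, combined into one file, as an added example that is not part of either post: it terminates TLS for both domains on the shared IP, routes by Host header, and re-encrypts to each origin with `verify required` in place of `verify none`. It assumes HAProxy 2.x (where `reqadd` was removed in 2.1 and `http-request set-header` is used instead), the hostnames and addresses from the question, and a Debian-style CA bundle path.

```haproxy
# Added example (not the posters' config). Assumes HAProxy 2.x and the
# hostnames, IPs and ports from the question; the ca-file path is an assumption.
global
    log /dev/log local0
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    log global
    option httplog
    option forwardfor
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    bind *:80
    # ACME HTTP-01 challenges arrive on port 80 and must not be redirected
    acl is_acme path_beg /.well-known/acme-challenge/
    http-request redirect scheme https code 301 unless is_acme
    use_backend letsencrypt-backend if is_acme

frontend https_in
    # One PEM (cert + key) per domain in this directory; selected by SNI
    bind *:443 ssl crt /etc/haproxy/certs/
    # Drop an optional ":port" suffix before comparing the Host header
    acl host_server1 hdr(host),field(1,:) -i my.domain1.com
    acl host_server2 hdr(host),field(1,:) -i my.domain2.com
    # Refuse unknown Host values, then overwrite any client-supplied header
    http-request deny deny_status 403 unless host_server1 or host_server2
    http-request set-header X-Forwarded-Proto https
    use_backend https_domain1 if host_server1
    use_backend https_domain2 if host_server2

backend https_domain1
    # Re-encrypt to the origin; verify its chain and check the name against
    # the SNI value instead of accepting any certificate (verify none)
    server server1 192.168.1.100:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(my.domain1.com) check check-sni my.domain1.com

backend https_domain2
    server server2 192.168.1.110:443 ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt sni str(my.domain2.com) check check-sni my.domain2.com

backend letsencrypt-backend
    server letsencrypt 127.0.0.1:54321
```

Running `haproxy -c -f` against the file checks the syntax without starting the proxy.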

@r2t2 thank you so much for responding. I’ll try this and get back with my findings.
