Port in frontend different from port in backend

Hi all,

I am trying to set up the frontend by binding it with a certain port and then forwarding it to the backend. The problem is the backend is on a different port and the request comes with another port and I get error 503.
For example:
//// This works when using port 443

frontend admin_kubernetes
mode http
bind 10.2.6.15:443 ssl crt /etc/haproxy/certs/cert.pem alpn h2,http/1.1
acl admin_url hdr(host) -i admin.domain.com
use_backend kubernetes_test if admin_url

backend kubernetes_test
balance roundrobin
option httpchk GET /healthz
default-server inter 15s
cookie SERVERID insert indirect nocache
timeout connect 100s
timeout server 120s
server kubernetestest1 10.2.6.75:443 ssl check cookie s1 sni req.hdr(Host) verify none

//// This doesn’t work when port is 3000

frontend admin_kubernetes
mode http
bind 10.2.6.15:3000 ssl crt /etc/haproxy/certs/cert.pem alpn h2,http/1.1
acl admin_url hdr(host) -i admin.domain.com
use_backend kubernetes_test if admin_url

backend kubernetes_test
balance roundrobin
option httpchk GET /healthz
default-server inter 15s
cookie SERVERID insert indirect nocache
timeout connect 100s
timeout server 120s
server kubernetestest1 10.2.6.75:443 ssl check cookie s1 sni req.hdr(Host) verify none

Does anyone have some suggestions?

Thanks,
I

When your are using a non standard port, the browser will send the port in the host header, so your use_backend rule no longer matches.

update the acl or use the default backend directive.

Hi Lukas, thanks for the answer. I figured that out. But how can I make this work? To have the port 3000 on the frontend and forward to the backend on port 443 so that everything works?

Like I said either modify the match statement:

acl admin_url hdr(host) -i admin.domain.com:3000
use_backend kubernetes_test if admin_url

or use default_backend

default_backend kubernetes_test

Thanks, this works partly :smiley: But alas, the app is broken on the kubernetes side because of port 3000 I guess. I need to strip the port in the backend side before the request goes to kubernetes.

Yep, if the backend makes assumptions or is configured for a wrong URL than this will lead to lots of issues with absolute links, cookies, etc.