Hello,
I have a java application in Tomcat which does a redirect based on the host header. To get to this application we must go through nginx and then haproxy. Nginx sets a host request header to match the service name, and then sends the request off to haproxy. Haproxy uses that host request header to route the request to the correct service. For example:
-
User requests https://example.com/app
-
Nginx has a location rule for
/appand sets aHostheader ofapp.internal.lanso we can find the app. It then passes the request off tohttp://app.internal.lan/app. Something likelocation /app/ { proxy_pass http://app.internal.lan/app/; proxy_set_header Host app.internal.lan; proxy_intercept_errors on; } -
HAProxy sees the
Hostheader is set toapp.internal.lanand routes to the correct backend rule (which goes to Tomcat)
I notice when I go through haproxy without SSL everything works fine. That is, after the user logs in they are directed to https://example.com/app/welcome.do as I would expect.
However, when I enable SSL in HAProxy, my redirect suddenly wants to take me to https://app.internal.lan/app/welcome.do.
I have confirmed that HAProxy is not passing the header the same way it does when using HTTP. If I add http-request set-header Host example.com into my backend rule it works as expected.
My question is: is there any way to preserve the Host header when using SSL termination on HAProxy? Why does the redirect work via HTTP, but not HTTPS? Or maybe the question is, why does the Host header get lost when using SSL.
Thanks.