Redirect a specific URL

Hello guys

I have a HAProxy in front of my servers.

Here is its config:

global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
	stats timeout 30s
	user haproxy
	group haproxy
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

frontend http
   bind *:80
   mode tcp
   redirect scheme https code 301 if !{ ssl_fc }
   default_backend http

frontend https
    bind *:443
    mode tcp
    default_backend https

backend https
    balance roundrobin
    mode tcp
    server worker1 172.16.0.172:32443 check
    server worker2 172.16.0.196:32443 check
    server worker3 172.16.0.153:32443 check
    server worker4 172.16.0.19:32443 check

backend http
    balance roundrobin
    mode tcp
    server worker1 172.16.0.172:32080 check
    server worker2 172.16.0.196:32080 check
    server worker3 172.16.0.153:32080 check
    server worker4 172.16.0.19:32080 check


frontend stats
   option http-use-htx
   stats enable
   stats uri /stats
   stats refresh 10s

Now I want this (default_backend) but also add a rule to redirect xxx.company.com to another backend (And redirect everything other than that to the default backend).

How can I achieve this?


The solutions I tried (Not working):

frontend http
   bind *:80
   mode tcp
   acl test_host hdr(host) -i xxx.company.com
   use_backend xxx if test_host
   default_backend http

backend xxx
    balance roundrobin
    mode tcp
    server nginx 172.16.0.32:80 check

And

frontend http
   bind *:80
   mode tcp
   use_backend xxx if { hdr_dom(Host) -i xxx.company.com }
   default_backend http

backend xxx
    mode tcp
    server nginx 172.16.0.32:80 check

HAProxy version: HAProxy version 2.4.19-1ppa1~focal

redirect scheme https code 301 if !{ ssl_fc } redirect always to https FrontEnd

use_backend xxx if test_host
Is never checked

I also delete the redirect scheme https code 301 if !{ ssl_fc } but still doesn’t work…

You cannot check the contents of a header in TCP mode. You need to switch everything to HTTP mode. It appears that was intended in the first place since you have ciphers configured and mode http in your defaults section. Remove all of the mode tcp entries so that HAProxy will decrypt requests and know the headers.

This also means you will need to configure SSL on your frontend instead of just passing it through as-is. To do this properly, you’ll need to give HAProxy some certificate information (combine the private key and full chain in a single file). To configure it, do something like this:

frontend https
    bind *:443 ssl crt /path/to/my/cert.pem
    default_backend https

backend https
    balance roundrobin
    server worker1 172.16.0.172:32443 check ssl
    server worker2 172.16.0.196:32443 check ssl
    server worker3 172.16.0.153:32443 check ssl
    server worker4 172.16.0.19:32443 check ssl

Edit: Removed mode tcp as that wasn’t supposed to be there.