Hello all,
I am experiencing some issues with HAProxy running as a reverse proxy and redirecting traffic to two different applications.
Application2 is working fine with the configuration below.
Application1 causes some minor trouble. When I type “domain.com/application1” into the browser, I get a time-out error and the address in the browser changes to domain.com:82/application1, where 82 is the backend port that application1 is listening on.
Now it becomes a little strange to me. If I delete the “:82” in “domain.com:82/application1”, I can access application1 in the web browser. I assume that I messed up the redirect command in some line, but I do not see where.
One restriction is that I need to log the originating IP.
Below my configuration and
thank you for your help
Krischan
# Process-wide settings: logging targets, privilege drop, runtime API socket and TLS defaults.
global
# Two syslog targets on /dev/log: facility local0 (all levels) and local1 (notice and above).
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
# Runtime API socket. "level admin" allows full runtime control to any process that can
# open the socket; "mode 660" restricts that to the socket's owner and group.
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
# Run as the unprivileged haproxy user/group, detached from the terminal.
user haproxy
group haproxy
daemon
# Default cipher list for every "bind ... ssl" line. It still contains suites without
# forward secrecy (RSA+AESGCM, RSA+AES) next to the ECDH/DH ones.
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
# Only SSLv3 is excluded here. NOTE(review): whether TLS 1.0/1.1 stay enabled depends on
# the HAProxy/OpenSSL build defaults; an explicit "ssl-min-ver TLSv1.2" would pin it.
ssl-default-bind-options no-sslv3
# Size in bits of the DH parameters used for DHE key exchange.
tune.ssl.default-dh-param 2048
# Values inherited by every frontend/backend below unless the section overrides them.
defaults
log global
# Sections that do not set "mode http" themselves run as plain TCP proxies.
mode tcp
option tcplog
option dontlognull
# Adds the client address as an X-Forwarded-For request header. It can only act in
# sections running "mode http"; a tcp-mode section does not touch HTTP headers.
option forwardfor header X-Forwarded-For
# No unit given, so these are milliseconds: 5 s connect, 50 s client and server inactivity.
timeout connect 5000
timeout client 50000
timeout server 50000
# Custom response files returned for HAProxy-generated errors.
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
# Cleartext HTTP listener: serves ACME challenges and redirects everything else to HTTPS.
frontend http-in
bind :80
mode http
# Repeats the setting from "defaults". HAProxy appends its own X-Forwarded-For header and
# leaves any copy the client sent in place, so a consumer should trust only the last one.
option forwardfor header X-Forwarded-For
option httplog
acl is_letsencrypt path_beg -i /.well-known/acme-challenge/
# This bind has no "ssl", so ssl_fc is false for every connection here: the 301 applies
# to all requests except the ACME challenge path.
redirect scheme https code 301 if !{ ssl_fc } !is_letsencrypt
use_backend be_letsencrypt if is_letsencrypt
# Port 443 entry point. No "mode" line, so it inherits "mode tcp" and routes on the TLS
# ClientHello without terminating TLS itself.
frontend https_in
bind *:443
# NOTE(review): this is an HTTP-mode option; in a tcp-mode frontend it presumably has no
# effect - check the warnings printed by "haproxy -c -f <config file>".
option http-server-close
# True when the buffered data is a TLS ClientHello (handshake type 1).
acl tls req.ssl_hello_type 1
# SNI is taken from the unauthenticated ClientHello; it is used only to pick a backend.
acl is_application1 req.ssl_sni -i domain.com
# Hold the connection for up to 5 s until enough bytes have arrived to evaluate the ACLs.
tcp-request inspect-delay 5s
tcp-request content accept if tls
use_backend recir_application1 if is_application1
# Non-TLS connections that sent some data go to application2. A TLS connection whose SNI
# is not domain.com matches neither rule, and this section declares no default_backend.
use_backend recir_application2 if !{ req.ssl_hello_type 1 } !{ req.len 0 }
# Receives the ACME challenge requests selected in frontend http-in and forwards them to
# the service on 127.0.0.1:81.
backend be_letsencrypt
mode http
server localhost 127.0.0.1:81
# Loops the still-encrypted connection back into HAProxy (frontend application1) over an
# abstract-namespace UNIX socket.
backend recir_application1
# send-proxy prepends a PROXY protocol header so the original client address survives the
# internal hop and can be logged by the receiving frontend.
server loopback-for-tls abns@haproxy-application1 send-proxy
# Loops non-TLS traffic from https_in back into HAProxy (frontend ssl-default) over an
# abstract-namespace UNIX socket.
backend recir_application2
# send-proxy carries the original client address across the internal hop.
server loopback-for-tls abns@haproxy-default send-proxy
# Internal receiver for recir_application2. No "mode" line and no "ssl" on the bind, so it
# is a plain tcp pass-through despite its name.
frontend ssl-default
# accept-proxy takes the client address from the PROXY header sent by the connecting peer.
# NOTE(review): abstract-namespace sockets carry no filesystem permissions, so other local
# processes in the same network namespace can presumably connect and supply their own
# header - treat the logged source address accordingly.
bind abns@haproxy-default accept-proxy
use_backend be_application2
# Internal receiver for recir_application1: terminates TLS for domain.com and handles the
# traffic as HTTP.
frontend application1
mode http
# accept-proxy restores the client address from the PROXY header; "ssl crt" decrypts with
# the given certificate bundle.
# NOTE(review): abstract-namespace sockets carry no filesystem permissions, so other local
# processes in the same network namespace can presumably connect and supply their own
# PROXY header - treat the logged source address accordingly.
bind abns@haproxy-application1 accept-proxy ssl crt /etc/letsencrypt/domain.com/haproxy.pem
# NOTE(review): nothing here or in be_application1 rewrites response headers, so a redirect
# from the application that names its own port would reach the browser unchanged - possibly
# related to the ":82" symptom; confirm by inspecting the Location header of the response.
use_backend be_application1
# Final hop for application2; inherits "mode tcp" from defaults.
backend be_application2
# No send-proxy here, and a tcp-mode section adds no X-Forwarded-For header, so on this hop
# the application sees the connection as coming from HAProxy on 127.0.0.1. The original
# client address is available in HAProxy's own log, not to the application.
server localhost 127.0.0.1:4545
# Final hop for application1, spoken as HTTP to the service on 127.0.0.1:82.
backend be_application1
mode http
# send-proxy puts a PROXY protocol header in front of the HTTP request, so the service on
# port 82 must be configured to expect it. A listener that accepts PROXY headers trusts the
# address inside them, so it should be reachable only from this proxy.
# NOTE(review): the X-Forwarded-For option inherited from "defaults" also applies in this
# http-mode backend - confirm which of the two the application uses for its client IP log.
server localhost 127.0.0.1:82 send-proxy