HAProxy community

Redirect subdomain to URL

Hello together,

I would like to redirect my subdomain to an office 365 Sharepoint path. My domain provider cannot handle it, so I would like to use my haproxy service.

So my example is:
Domain: sharepoint.company.com
Should open the URL: https://company.sharepoint.com/_layouts/15/sharepoint.aspx

I tried:

frontend http-in # unsecure
bind *:80
reqadd X-Forwarded-Proto:\ http # Adds http header to end of end of the HTTP request
redirect scheme https code 301 if !{ ssl_fc }

    acl lets_encrypt path_beg /.well-known/acme-challenge/
    acl site_sharepoint_company hdr_end(host) -i sharepoint.comany.com

    http-request redirect code 301 location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if site_sharepoint_company

But it does not work. Do I also need a use_backend?

With best regards
chromaker

Hi chromaker,

Your ACL “site_sharepoint_company” would never be true as there is, i guess, a typo in the domain name. Please correct “sharepoint.comany.com” to “sharepoint.company.com

Yes, you would have to use a backend. HAProxy throws “503 Service Unavailable” error if a request isn’t routed to a backend. You may route a request using either use_backend or default_backend or both.

Hope this is helpful !

Thanks,
Shivharsh

Hi,

thanks for you reply. But it does not work. I have:
http-request redirect code 301 location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if { hdr(host) -i sharepoint.company.com }

acl site_sharepoint_company hdr(host) -i sharepoint.company.com
use_backend http_redirect_sharepoint if site_sharepoint_company

And I´m getting an 503 Service Unavailable - error

What is missing?

With best regards

Hi chromaker,

Could you please share your complete haproxy configuration?

Thanks,
Shivharsh

Hello togehter,

here is my config, just renamed some things for privacy:

global
        log 127.0.0.1 local0
        log 127.0.0.1 local1 notice
        maxconn 2048
        tune.ssl.default-dh-param 2048
        ssl-default-bind-options no-sslv3 no-tls-tickets
        ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

defaults
        mode http
        option  httplog
        option  dontlognull
        option  forwardfor              # add X-Forwarded-For headers to each request
        option  http-server-close       # reduces latency between HAProxy and clients by closing connections but maintaining keep-alives
        timeout connect 5s
        timeout client  15s
        timeout server  15s

listen  stats                           # admin interface for statistics
        bind *:8989
        mode http
        log global
        stats enable
        stats show-node
        stats auth      admin:xxx
        stats uri       /xxx

##########################
# FRONTEND CONFIGURATION #
##########################

frontend http-in  # unsecure
        bind *:80
        http-request redirect code 301 location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if { hdr(host) -i sharepoint.company.de }
        reqadd X-Forwarded-Proto:\ http # Adds http header to end of end of the HTTP request
        redirect scheme https code 301 if !{ ssl_fc }

        acl lets_encrypt path_beg /.well-known/acme-challenge/
        acl site_sharepoint_company hdr(host) -i sharepoint.company.de


        use_backend lets_encrypt if lets_encrypt
        use_backend http_redirect_sharepoint if site_sharepoint_company

frontend https-in # secure
        bind *:443 ssl crt /usr/local/etc/haproxy/certs.d/ alpn h2,http/1.1
        http-request redirect location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if { hdr(host) -i sharepoint.company.de }
        acl secure dst_port eq 443
        #http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
        reqadd X-Forwarded-Proto:\ https        # Adds https header to end of end of the HTTPS request
        #rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure

        acl lets_encrypt path_beg /.well-known/acme-challenge/

        use_backend lets_encrypt if lets_encrypt  # letsencrypt backend

##########################
# BACKEND Configurations #
##########################

backend lets_encrypt # backend for letsencrypt standalone webserver
 server local localhost:60001

backend http_redirect_sharepoint # redirect for sharepoint.company.de
        option httpclose
        option forwardfor
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https if { ssl_fc }

Any idea in this case?

Hi,

Sorry for the late response !

I have been trying to reproduce this issue in my environment but in vain. I have been trying on HAproxy v1.5.18.
Could you please help me with below information:

  • What is the HAproxy version that you are using?
  • How did you install HAProxy, using yum or built from source?
  • Are all your backend nodes up and running in good health?

Thanks,
Shivharsh