HAProxy community

Redirect subdomain to URL

#1

Hello together,

I would like to redirect my subdomain to an office 365 Sharepoint path. My domain provider cannot handle it, so I would like to use my haproxy service.

So my example is:
Domain: sharepoint.company.com
Should open the URL: https://company.sharepoint.com/_layouts/15/sharepoint.aspx

I tried:

frontend http-in # unsecure
bind *:80
reqadd X-Forwarded-Proto:\ http # Adds http header to end of end of the HTTP request
redirect scheme https code 301 if !{ ssl_fc }

    acl lets_encrypt path_beg /.well-known/acme-challenge/
    acl site_sharepoint_company hdr_end(host) -i sharepoint.comany.com

    http-request redirect code 301 location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if site_sharepoint_company

But it does not work. Do I also need a use_backend?

With best regards
chromaker

#2

Hi chromaker,

Your ACL “site_sharepoint_company” would never be true as there is, i guess, a typo in the domain name. Please correct “sharepoint.comany.com” to “sharepoint.company.com

Yes, you would have to use a backend. HAProxy throws “503 Service Unavailable” error if a request isn’t routed to a backend. You may route a request using either use_backend or default_backend or both.

Hope this is helpful !

Thanks,
Shivharsh

#3

Hi,

thanks for you reply. But it does not work. I have:
http-request redirect code 301 location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if { hdr(host) -i sharepoint.company.com }

acl site_sharepoint_company hdr(host) -i sharepoint.company.com
use_backend http_redirect_sharepoint if site_sharepoint_company

And I´m getting an 503 Service Unavailable - error

What is missing?

With best regards

#4

Hi chromaker,

Could you please share your complete haproxy configuration?

Thanks,
Shivharsh

#5

Hello togehter,

here is my config, just renamed some things for privacy:

global
        log 127.0.0.1 local0
        log 127.0.0.1 local1 notice
        maxconn 2048
        tune.ssl.default-dh-param 2048
        ssl-default-bind-options no-sslv3 no-tls-tickets
        ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

defaults
        mode http
        option  httplog
        option  dontlognull
        option  forwardfor              # add X-Forwarded-For headers to each request
        option  http-server-close       # reduces latency between HAProxy and clients by closing connections but maintaining keep-alives
        timeout connect 5s
        timeout client  15s
        timeout server  15s

listen  stats                           # admin interface for statistics
        bind *:8989
        mode http
        log global
        stats enable
        stats show-node
        stats auth      admin:xxx
        stats uri       /xxx

##########################
# FRONTEND CONFIGURATION #
##########################

frontend http-in  # unsecure
        bind *:80
        http-request redirect code 301 location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if { hdr(host) -i sharepoint.company.de }
        reqadd X-Forwarded-Proto:\ http # Adds http header to end of end of the HTTP request
        redirect scheme https code 301 if !{ ssl_fc }

        acl lets_encrypt path_beg /.well-known/acme-challenge/
        acl site_sharepoint_company hdr(host) -i sharepoint.company.de


        use_backend lets_encrypt if lets_encrypt
        use_backend http_redirect_sharepoint if site_sharepoint_company

frontend https-in # secure
        bind *:443 ssl crt /usr/local/etc/haproxy/certs.d/ alpn h2,http/1.1
        http-request redirect location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if { hdr(host) -i sharepoint.company.de }
        acl secure dst_port eq 443
        #http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
        reqadd X-Forwarded-Proto:\ https        # Adds https header to end of end of the HTTPS request
        #rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure

        acl lets_encrypt path_beg /.well-known/acme-challenge/

        use_backend lets_encrypt if lets_encrypt  # letsencrypt backend

##########################
# BACKEND Configurations #
##########################

backend lets_encrypt # backend for letsencrypt standalone webserver
 server local localhost:60001

backend http_redirect_sharepoint # redirect for sharepoint.company.de
        option httpclose
        option forwardfor
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto https if { ssl_fc }