Hello together,
I would like to redirect my subdomain to an office 365 Sharepoint path. My domain provider cannot handle it, so I would like to use my haproxy service.
So my example is:
Domain: sharepoint.company.com
Should open the URL: https://company.sharepoint.com/_layouts/15/sharepoint.aspx
I tried:
frontend http-in # unsecure
bind *:80
reqadd X-Forwarded-Proto:\ http # Adds http header to end of end of the HTTP request
redirect scheme https code 301 if !{ ssl_fc }
acl lets_encrypt path_beg /.well-known/acme-challenge/
acl site_sharepoint_company hdr_end(host) -i sharepoint.comany.com
http-request redirect code 301 location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if site_sharepoint_company
But it does not work. Do I also need a use_backend?
With best regards
chromaker
Hi chromaker,
Your ACL “site_sharepoint_company” would never be true as there is, i guess, a typo in the domain name. Please correct “sharepoint.comany.com” to “sharepoint.company.com”
Yes, you would have to use a backend. HAProxy throws “503 Service Unavailable” error if a request isn’t routed to a backend. You may route a request using either use_backend or default_backend or both.
Hope this is helpful !
Thanks,
Shivharsh
Hi,
thanks for you reply. But it does not work. I have:
http-request redirect code 301 location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if { hdr(host) -i sharepoint.company.com }
acl site_sharepoint_company hdr(host) -i sharepoint.company.com
use_backend http_redirect_sharepoint if site_sharepoint_company
And I´m getting an 503 Service Unavailable - error
What is missing?
With best regards
Hi chromaker,
Could you please share your complete haproxy configuration?
Thanks,
Shivharsh
Hello togehter,
here is my config, just renamed some things for privacy:
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 2048
tune.ssl.default-dh-param 2048
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
defaults
mode http
option httplog
option dontlognull
option forwardfor # add X-Forwarded-For headers to each request
option http-server-close # reduces latency between HAProxy and clients by closing connections but maintaining keep-alives
timeout connect 5s
timeout client 15s
timeout server 15s
listen stats # admin interface for statistics
bind *:8989
mode http
log global
stats enable
stats show-node
stats auth admin:xxx
stats uri /xxx
##########################
# FRONTEND CONFIGURATION #
##########################
frontend http-in # unsecure
bind *:80
http-request redirect code 301 location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if { hdr(host) -i sharepoint.company.de }
reqadd X-Forwarded-Proto:\ http # Adds http header to end of end of the HTTP request
redirect scheme https code 301 if !{ ssl_fc }
acl lets_encrypt path_beg /.well-known/acme-challenge/
acl site_sharepoint_company hdr(host) -i sharepoint.company.de
use_backend lets_encrypt if lets_encrypt
use_backend http_redirect_sharepoint if site_sharepoint_company
frontend https-in # secure
bind *:443 ssl crt /usr/local/etc/haproxy/certs.d/ alpn h2,http/1.1
http-request redirect location https://company.sharepoint.com/_layouts/15/sharepoint.aspx if { hdr(host) -i sharepoint.company.de }
acl secure dst_port eq 443
#http-response set-header Strict-Transport-Security max-age=31536000;\ includeSubdomains;\ preload
reqadd X-Forwarded-Proto:\ https # Adds https header to end of end of the HTTPS request
#rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure
acl lets_encrypt path_beg /.well-known/acme-challenge/
use_backend lets_encrypt if lets_encrypt # letsencrypt backend
##########################
# BACKEND Configurations #
##########################
backend lets_encrypt # backend for letsencrypt standalone webserver
server local localhost:60001
backend http_redirect_sharepoint # redirect for sharepoint.company.de
option httpclose
option forwardfor
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
Hi,
Sorry for the late response !
I have been trying to reproduce this issue in my environment but in vain. I have been trying on HAproxy v1.5.18.
Could you please help me with below information:
- What is the HAproxy version that you are using?
- How did you install HAProxy, using yum or built from source?
- Are all your backend nodes up and running in good health?
Thanks,
Shivharsh