HAProxy community

Search for solution

Hello people!

I am in a strange situation and am trying to find a solution, but maybe there is none.
The scenario that must be solved is the following: there is a cloud web server with a floating IP; the IP is accessible from the CORP DMZ, but not from the internal LAN (example: www.ab.com).

The people, actually more than 3000, who must/want to access it are sitting on the corporate LAN. The LAN has a proxy server (actually in the DMZ) to serve most of the web traffic. The client workstations have an exception list (PAC file) of domains that cannot be accessed through the CORP proxy (actually .ab.com is on the list, for example because of the large number of local servers).

Actually the project must access the web page, so the dev/testing team has access to the site, for example www.a-b.com. That way the proxy comes back into the game to serve those requests. www.a-b.com is resolvable for the proxy, and clients can access it through the proxy. The end result must be that www.ab.com is accessible from the LAN side. My idea, which may be wrong, is that a web server instance and/or forward proxy function on one node on the CORP LAN can solve the situation by rewriting and/or forwarding all the requests to the destination through the CORP proxy. (The servers have no exception list!)

The question is: could the situation be solved this way?
The web server/forward proxy in front of the CORP proxy has no DNS resolution for the destination host; only the CORP proxy does.

I thought of something like the following config, but I am totally new to HAProxy…

```
frontend https # for incoming
    option httplog
    log global
    bind *:443 ssl crt test.pem
    use_backend www_ab_com # was "messages", which is not defined in this config

backend www_ab_com
    option httpclose
    option forwardfor # (?)
    mode http
    http-request redirect prefix http://www.ab.com if { hdr(host) -i www.a-b.com } # (but a redirect is handled on the browser side, so not sure)
    http-request set-header Host www.ab.com
    server prx1 ProxyIP:Proxy_Port
```

Logical architecture (a bit simplified):

Client (PAC list) - WebSrv/HAProxy rewrite/proxy node - CORP Proxy DMZ/DNS - WWW srv (Cloud)

Client --» WebSrv/HAProxy acts as the SSL endpoint for https://www.a-b.com, rewrites it to www.ab.com and sends it through the CORP proxy, which serves the page www.ab.com

The client has local DNS only for accessing the first node…

Can someone help me with a solution, or just with a few RTM lines on why this solution will NOT work?

Thank you, best regards,

Ferenc