URL redirect HAproxy

Hi guys,
I need to use ADFS with HAPROXY.
At the moment the only problem I have is that I can’t make the redirect from https://adfsstg.xxx.com to https://adfsstg.xxx.com/adfs/ls/IdpInitiatedSignOn.aspx
this is my frontend:

frontend adfsstg
  bind ssl crt /etc/ssl/certs/wildcard.pem
  mode http
  redirect scheme https if !{ ssl_fc }
  acl is_root path -i  /
  redirect code 301 location adfsstg.xxx.com/adfs/ls/IdpInitiatedSignOn.aspx  if is_root
  use_backend adfsstg

this is my backend:

backend adfsstg
  balance roundrobin
  http-request set-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
  mode http
  http-request deny if !{ src -f /etc/haproxy/allowedoffices.acl }
  server adfsstg.xxx.com check ssl verify none

can you help me please?
Thank you so much

What is the actual problem? Could you include the output of curl -v https://asdsstg.xxx.com?

My hunch is that it redirects to https://asdsstg.xxx.com/asdfsstg.xxx.com/adfs/... (i.e. it doubles the domain.)

To fix this just use the path in for redirect, as in redirect code 301 location /adfs/ls/..., or use the full URL as in https://....

Hi ciprian,
thanks for your reply!
this is the output of curl

curl -v https://adfsstg.xxx.com
* About to connect() to adfsstg.xxx.com port 443 (#0)
*   Trying
* Connected to adfsstg.xxx.com ( port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate:
* 	subject: CN=www.xxx.com,OU=Multi-Domain SSL,O=xxx,STREET=x xx,L=xxx,ST=xxxlCode=xx,C=xx
* 	start date: Sep 05 00:00:00 2019 GMT
* 	expire date: Dec 02 23:59:59 2021 GMT
* 	common name: www.xxx.com
* 	issuer: CN=Sectigo RSA Organization Validation Secure Server CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: adfsstg.xxx.com
> Accept: */*
* HTTP 1.0, assume close after body
< HTTP/1.0 503 Service Unavailable
< Cache-Control: no-cache
< Connection: close
< Content-Type: text/html
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
* Closing connection 0

Thanks :slight_smile:

Based on the curl output I have the feeling that the request is not reaching that HAProxy instance (or frontend).

To make sure you are reaching it, try to remove the if is_root ACL after the redirect so that it always redirects. Thus you can make sure you’ve reached the right frontend.