HAProxy community

Use_backend app-main if { hdr_dom(host) -i } -> Not recognize domain

Hi,

With the next conf haproxy not recognize my domains and all HTTPS traffic goes to default backend. Any help is appreciated.

Global settings

#---------------------------------------------------------------------
global
log 127.0.0.1 local2 #Log configuration

chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
maxconn     4000
user        haproxy             #Haproxy running under user and group "haproxy"
group       haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------

defaults

#---------------------------------------------------------------------
defaults
mode http
log global
option tcplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000

#---------------------------------------------------------------------

FrontEnd Configuration

#---------------------------------------------------------------------
frontend main-http
bind *:80
reqadd X-Forwarded-Proto:\ http
#acl host_dirbit hdr(host) -i directoriobitcoin.com
use_backend app-main if { hdr_dom(host) -i directoriobitcoin.com }
use_backend app-main-bm if { hdr_dom(host) -i bemadrid.com }
use_backend app-main-mh if { hdr_dom(host) -i madridhappypeople.com }
default_backend app-main

frontend main-https
bind *:443
reqadd X-Forwarded-Proto:\ https
mode tcp
use_backend app-main-https if { hdr_dom(Host) -i directoriobitcoin.com }
use_backend app-main-bm-https if { hdr_dom(Host) -i bemadrid.com }
use_backend app-main-mh-https if { hdr_dom(Host) -i madridhappypeople.com }
default_backend app-main-https

#---------------------------------------------------------------------

BackEnd roundrobin as balance algorithm

#---------------------------------------------------------------------
backend app-main
balance roundrobin
server cpanel1 31.200.246.100:80 check
server cpanel2 92.222.66.209:80 check

backend app-main-https
balance roundrobin
mode tcp
server cpanel1 31.200.246.100:443 check
server cpanel2 92.222.66.209:443 check

backend app-main-bm
balance roundrobin
server cpanel1 31.200.246.100:80 check
server cpanel2 92.222.66.209:80 check

backend app-main-bm-https
balance roundrobin
mode tcp
server cpanel1 31.200.246.100:443 check
server cpanel2 92.222.66.209:443 check

backend app-main-mh
balance roundrobin
server cpanel1 31.200.246.100:80 check
server cpanel2 92.222.66.209:80 check

backend app-main-mh-https
balance roundrobin
mode tcp
server cpanel1 31.200.246.100:443 check
server cpanel2 92.222.66.209:443 check

you can’t use hdr_dom in the https frontend because you don’t terminate SSL.
you can use req.ssl_sni instead but some clients don’t send SNI in the client hello.

Well, how can I route using the domain?

like you did with hdr.
use_backend foo if { req.ssl_sni bar }

And what can I do with the clients don’t send SNI in the client hello

You don’t support them unless you can dedicate an IP per domain and then you can route based on the IP clients connected to.