Website auto redirecting when hosted on HAProxy


#1

Hi,
We are in the process of migrating from Apache reverse proxy to
HAProxy. We are facing issues with some of the web sites. Any
recommendation will be greatly appreciated.

We have hosted all application on HAProxy with the needed SSL
Certificates. All our sites are SSL, there is no non ssl site in our
env.

e.g. https ://mysite.com is on HAProxy

Env Configuration:
https ://mysite.com should forward the request to http ://192.168.128.10:8080 on the backend. The backend i.e. 192.168.128.10:8080 is not HTTPS it is only http site. So we are proxying HTTPS site to a backend http site.

Expected behaviour (Which is not working):
When we access the site https ://mysite.com it should auto forward to login page i.e. https ://mysite.com/app1/login.jsp?/app1/ – (this autoforward is the application behavior )

Issue:

When we access as https ://mysite.com/ the URL in the browser gets changed automatically to http: //mysite.com:8080/app1/login.jsp?/app1/

Since HAProxy is not listening on port 8080 the site gives error “Page cannot be displayed”

When the login page is accessed with full url i.e. https ://mysite.com/app1/login.jsp?/app1/ it loads fine, but on entering the domain only i.e. https ://mysite.com/ it ends up in “page cannot be displayed” error
This configuration is working smoothly with apache as reverse proxy, the configuration of apache is also provided below.

The HA Proxy configuration is as below

frontend http-in
bind *:443 ssl crt /etc/pki/tls/certs/mysite/mysite.com.pem crt /etc/pki/tls/certs/mysite1/mysite1.com.pem
mode http
acl mysite.com req.hdr(Host) mysite.com
acl path_mirror_app1 path -m beg /app1
use_backend mysite.com_redirect if mysite.com path_mirror_app1

backend mysite.com_redirect
http-request set-header Host mysite.com
server mysite.com 192.168.128.10:8080 check
mode http

Apache Configuration

The apache configuration for the same site which is working fine is as below

<VirtualHost *:443>
ServerName mysite.com
ProxyPass / http://192.168.128.10:8080/
ProxyPassReverse / http://192.168.128.10:8080/

SSLEngine On
SSLProxyEngine On
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!eNULL:!RC4
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLCertificateFile /etc/pki/tls/certs/mysite/mysite.com.crt
SSLCertificateKeyFile /etc/pki/tls/certs/mysite/mysite.com.key

Thankyou


#2

You are configuring haproxy to only foward this to the backend when the URI begins with /app1, this is not the case when you are only pointing your browser to https://mysite.com/, which of course does not work as expected then.

Whatever your default_backend is pointing to, it will hit that instead of your “mysite.com_redirect” backend.


#3

I tried configuring “acl path_mirror_app1 path -m beg /” but the same redirection issue still persists. When i try to access the site with the domain name, the URL in browser gets autochanged to http.


#4

I assume your backend has some problem with the host header not showing 8080.

Try modifying the Host header:
http-request set-header Host mysite.com:8080