haproxy: ssl redirect to different backend pools, from different paths?

Targets Web
1

Is there any haproxy guru who could help me with this?

Using haproxy, I wish to redirect to different pools of Xojo webapps, based on a distinguishable uri (like different paths).

I want to strip out the path and open a webapp from the pool of webapps for this path.

For instance:

note: here we receive the path /inapp

https://shop.myapp.com/inapp/?LANG=DE
should go to a pool of 3 webapps with portrange A (like, 9101 - 9103)

inapp

https://shop.myapp.com.9101/?LANG=DE
https://shop.myapp.com.9102/?LANG=DE
https://shop.myapp.com.9103/?LANG=DE

Note: here we receive no path

https://shop.myapp.com/?LANG=DE
should go to a pool of 3 webapps with portrange B (like, 9201 - 9203)

standard

https://shop.myapp.com.9201/?LANG=DE
https://shop.myapp.com.9202/?LANG=DE
https://shop.myapp.com.9203/?LANG=DE

This haproxy.cfg is not working as described above. It does strip out the path as desired, but then it goes to the default_backend instead.

[code]frontend https-in
bind *:443 ssl crt /opt/ssl/shop_myapp_com.pem
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Port %[dst_port]

   acl in_app path_beg /in_app_purchase 
   acl ios path_beg /ios_purchase

   http-request set-header X-Location-Path %[capture.req.uri] if in_app OR ios
   http-request replace-header X-Location-Path [^/]+/(.*) \\1 if in_app OR ios

   http-request redirect location https://shop.myapp.com/%[hdr(X-Location-Path)] if in_app
   http-request redirect location https://shop.myapp.com/%[hdr(X-Location-Path)] if ios

   use_backend InAppSSLpool if in_app
   use_backend InIosSSLpool if ios
   default_backend SSLpool[/code]

Anyone knows how I could create a distinctive attribute, like the path, and then lead it to the right backend pool?

2

Check the docs. I think if I remember the last time I did something like this, it was easiest to just put different hostnames for my sites and use the header begin acl or something like that.

So I had something like admin.domain.com, clients.domain.com and transfer.domain.com, all pointing to the same IP and haproxy redirecting to different backends based on the host name. I’m sure you could parse paths too if you look through the docs and find the right function.

3

[quote=261842:@Kevin Windham]Check the docs. I think if I remember the last time I did something like this, it was easiest to just put different hostnames for my sites and use the header begin acl or something like that.

So I had something like admin.domain.com, clients.domain.com and transfer.domain.com, all pointing to the same IP and haproxy redirecting to different backends based on the host name. I’m sure you could parse paths too if you look through the docs and find the right function.[/quote]

Well, my problem here is SSL. A wildcard certificate for any number of 3rd level domains, as you suggest above, costs much more than a simple certificate for one domain (like shop.myapp.com, as an example above).

So I was trying two things:

  1. adding a path and then add an acl with path_beg, as show above
  2. using a different hostname and use it unsecured (http), but then let haproxy switch to https and forward to a specific backend pool.

But somehow the docs and examples have not been helpful, so far.
Haproxy is not exactly well documented…

In short, it does not work for me, right now.

4

Did you try putting mode http and option httplog in the frontend section?

5

Also, I would work with just the ACLs and backend sections first. Having the other redirects and such in there will confuse the issue until you know your frontends are properly connecting to the backends you want.

http://serverfault.com/questions/444965/haproxy-reqrep-remove-uri-on-backend-request