Question

I'm running HAProxy 1.4.24 behind an LB. SSL terminates on the LB. I want to redirect HTTP requests to HTTPS. I have the following config:

global
log         127.0.0.1 local2
chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
maxconn     4000
user        haproxy
group       haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats
defaults
  mode                    http
  log                     global
  option                  httplog
  option                  dontlognull
  option http-server-close
  option forwardfor       except 127.0.0.0/8
  option                  redispatch
  retries                 3
  timeout http-request    10s
  timeout queue           1m
  timeout connect         10s
  timeout client          1m
  timeout server          1m
  timeout http-keep-alive 10s
  timeout check           10s
  maxconn                 3000

frontend  httpIn *:7258
  maxconn             100000
  option forwardfor   header x-forwarded-for
  acl is_http hdr(X-Forwarded-Proto) http
  redirect scheme https code 301 if is_http
  default_backend             app

backend app
 balance     roundrobin
 cookie      LBSTICKY insert indirect nocache httponly secure maxlife 8h
 server  app1 10.10.10.10:8080 cookie app1
 server  app2 10.10.10.11:8080 cookie app2

My problem is the line

redirect scheme https code 301 if is_http

which generates the following error when running haproxy -f /etc/haproxy/haproxy.cfg -c :

[ALERT] 026/210541 (8482) : parsing [/etc/haproxy/haproxy.cfg:67] : 'redirect' expects 'code', 'prefix', 'location', 'set-cookie', 'clear-cookie', 'drop-query' or 'append-slash' (was 'scheme').

I rechecked the documentation, which says I'm using the correct syntax for redirect. Any ideas?

Solution

redirect scheme is indeed not available in HAProxy 1.4.24. Right now, it is available in HAProxy 1.5-dev13 and newer as well as in HAProxy 1.4.25 and newer, including the haproxy-1.4 master.

The documentation you had a look at was probably the one by Cyril Bonté which currently is generated from the 1.4 master, not the 1.4.24 release.

As such, you could either upgrade to one of the named versions or work around the limitation. A common workaround is to use redirect prefix like this:

redirect prefix https://domain.com if is_http { hdr(host) -i domain.com }

This rule has to be enumerated for each hostname where you want the redirect to happen.
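
Since the workaround needs one rule per hostname, the lines can be generated from a host list. The following is an added example, not part of the original answer: the function names and the second hostname are assumptions, `code 301` is carried over from the question's rule, and the ACL name `is_http` is the one defined in the question's frontend.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def is_valid_hostname(host):
    """True if host is a plain dotted hostname, safe to paste into a rule."""
    if not host or len(host) > 253:
        return False
    return all(LABEL.fullmatch(label) for label in host.split("."))


def redirect_rules(hostnames, acl="is_http", code=301):
    """Return one 'redirect prefix' line per unique hostname, in input order."""
    rules, seen = [], set()
    for raw in hostnames:
        host = raw.strip().lower()
        # Reject anything with spaces, braces, newlines etc.: the name is
        # interpolated into the config, so stray tokens would change the rule.
        if not is_valid_hostname(host):
            raise ValueError("not a valid hostname: %r" % raw)
        if host in seen:
            continue
        seen.add(host)
        rules.append(
            "redirect prefix https://%s code %d if %s { hdr(host) -i %s }"
            % (host, code, acl, host)
        )
    return rules


if __name__ == "__main__":
    # Constructed sample list; domain.com is the placeholder used in the answer.
    for line in redirect_rules(["domain.com", "www.domain.com"]):
        print("  " + line)
```

Paste the output into the frontend in place of the redirect scheme line and re-run haproxy -f /etc/haproxy/haproxy.cfg -c. Requests whose Host header matches none of the listed names are not redirected and still reach the backend over plain HTTP.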

Other tips

This option is available on HAProxy 1.5... You have to use redirect location in 1.4 branch for this purpose.

Baptiste

License: CC-BY-SA with attribution
Not affiliated with StackOverflow