Channel: HAProxy community - Latest topics

Redirect from IP address to FQDN

I would like to redirect the query in the browser “http://192.168.1.1” to the domain “https://opnsense.dummy.tld”. So that the browser recognizes the certificate correctly and does not always get an error message.

On the internet there is an example of how to do it with a .htaccess file, but I can’t find the place where I should insert the file.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^192.168.1.1$
RewriteRule ^(.*)$ https://opnsense.dummy.tld/$1 [L,R=301]

How could it be solved with HAProxy?

1 post - 1 participant

Read full topic
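One way to do this in HAProxy, as an added example that is not part of the original post: match on the Host header the browser sent and answer with a 301 to the FQDN, keeping the path and query string. The certificate path and the OPNsense GUI address (127.0.0.1:8443) are assumptions; the IP and FQDN are the ones from the question.

```haproxy
frontend http-in
    mode http
    bind :80
    # Host may carry a port ("192.168.1.1:80"), so compare only the part before ":".
    acl host_is_ip req.hdr(host),field(1,:) -m str 192.168.1.1
    # "prefix" keeps the original path and query string; only scheme and host change.
    http-request redirect prefix https://opnsense.dummy.tld code 301 if host_is_ip
    # Everything else arriving in plain HTTP is sent to HTTPS on the same host.
    http-request redirect scheme https code 301

frontend https-in
    mode http
    # assumed certificate path; it must cover opnsense.dummy.tld
    bind :443 ssl crt /etc/haproxy/certs/opnsense.dummy.tld.pem
    acl host_is_ip req.hdr(host),field(1,:) -m str 192.168.1.1
    http-request redirect prefix https://opnsense.dummy.tld code 301 if host_is_ip
    default_backend opnsense

backend opnsense
    mode http
    # assumed: the GUI listens on localhost with its own self-signed certificate,
    # which is why "verify none" is acceptable here and nowhere else
    server gui 127.0.0.1:8443 ssl verify none
```

Only the port-80 redirect is warning-free: a request to https://192.168.1.1 still has to complete a TLS handshake against a certificate that does not name the IP before the rule on the 443 listener can run, so the browser shows the certificate error once and then follows the redirect.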


HAProxy redirect NOT WORKING

Hi,

I have configured HAProxy for our Windows application, which is running on port 80;

HAProxy runs on Linux machines.

I have tried to restart all HTTPS requests (SSL) to the backend server port (80) by the SSL termination method.

But NO redirection request happens from the LB to the application end.

My config sample:

HTTPS

frontend https-in
    bind *:443 ssl crt /etc/SSL1/Certs1/x.pem no-sslv3 no-tlsv10
    mode http
    option forwardfor
    option http-server-close
    reqadd X-Forwarded-Proto:\ https
    reqadd X-Forwarded-Port:\ 443
    stats uri /haproxy?stats
    default_backend backend_https

backend backend_https
    mode http
    balance roundrobin
    cookie SRVNAME insert nocache
    server X.X.X.X X.X.X.X:80 cookie ck_X1 check
    server X.X.X.X X.X.X.X:80 cookie ck_X2 check
    server X.X.X.X X.X.X.X:80 cookie ck_X3 check
```

2 posts - 2 participants

Read full topic
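For comparison, a complete SSL-terminating setup of the kind described in the post, written as an added example rather than the poster's configuration: TLS is terminated on 443, clients arriving on 80 are redirected, and the port-80 application servers learn the original scheme from headers. The server addresses 10.0.0.11 and 10.0.0.12 are placeholders; the certificate path is the one from the post.

```haproxy
frontend http-in
    mode http
    bind :80
    # Plain HTTP is accepted only to send the browser to HTTPS.
    http-request redirect scheme https code 301

frontend https-in
    mode http
    bind :443 ssl crt /etc/SSL1/Certs1/x.pem no-sslv3 no-tlsv10 no-tlsv11
    option forwardfor
    # set-header replaces any value the client sent, so the application cannot
    # be fooled by a spoofed X-Forwarded-Proto; reqadd only appended a second copy.
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Port 443
    default_backend backend_https

backend backend_https
    mode http
    balance roundrobin
    # Persistence cookie marked Secure and HttpOnly since the client side is TLS-only.
    cookie SRVNAME insert nocache secure httponly
    server app1 10.0.0.11:80 cookie app1 check
    server app2 10.0.0.12:80 cookie app2 check
```

The application must be told to trust X-Forwarded-Proto from the load balancer only; otherwise the header is meaningless for it, and any redirect it builds itself will still use http://.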

Only one port for http and https with ssl termination

I want my web application to run only on port 4443, so I added this port to my Docker container for HAProxy. Now I want to inspect the incoming request and, if it is not HTTPS, redirect it to HTTPS, like http://test.example.com:4443 -> https://test.example.com:4443. This only works if I bind the port without the SSL certificate.

If I bind it like this: bind *:4443 ssl crt /usr/local/etc/ssl/chaparron.ml.pem alpn h2 I get the error “https/1: SSL handshake failure” if I call http://test.example.com:4443, but there is no redirection.

How can I do this?

This is my haproxy.cfg right now:

global
    maxconn 50
    tune.ssl.default-dh-param 2048
    log stdout format raw local0

defaults
    log global
    mode http
    timeout tunnel 1h
    timeout http-request 100s

frontend https
    mode http
    bind *:4443 ssl crt /usr/local/etc/ssl/nextcloud.ml.pem alpn h2
    http-request redirect scheme https code 301 if !{ ssl_fc }
    default_backend nextcloud
    timeout client 30s

backend nextcloud
    mode http
    timeout connect 20s
    option http-server-close
    server app1 app:80
    timeout server 30s

1 post - 1 participant

Read full topic

Help interpreting Statistics Report data

Hi,

Context - running v2.0.5, with one frontend, and about 5 backends, all HTTP mode. Requests to frontend are routed to one of the backends based on URL pattern matching.

In one of the backends, the statistics page is reporting that over 50% of requests (of ~8 million, currently) are responding with 4xx codes, spread evenly across the 8 servers behind it. However, the HTTP access logs for those servers have no record of anywhere near that number of 4xx; they only contain a few thousand rather than the ~4.4m that haproxy is currently reporting. The server HTTP access logs do match up to the number of HTTP 2xx responses being reported by haproxy, however.

I had thought haproxy would only report 4xx errors like this on a backend if it actually received this code back from the servers involved. Am I incorrect in that? Any help explaining this situation is appreciated!

Thanks,

Adrian

1 post - 1 participant

Read full topic

HAProxy ACLs - Support for Arithmetical Operations

I am trying to implement the logic below to route requests across different backends depending on whether some part of the URL is an “odd” or “even” number. The logic is as follows:

  • Parse the URL and find the Id.
  • If the Id is an even number (id%2 == 0), then route the request to “backendX”. Else route to “backendY”.

Sample URI: http://api.example.com/devices/demo-devices/{id}

Is it possible to implement such logic as explained above using ACLs?

If yes - is it supported as part of the community version?
If no - are there any alternative approaches?

1 post - 1 participant

Read full topic
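Odd/even routing can be expressed with the built-in integer converters, shown here as an added example that is not from the original post. The path from the question is split on "/" and the fourth field is the id; the backend names come from the question, while the listener port and the server addresses 10.0.0.21/10.0.0.22 are placeholders.

```haproxy
frontend api
    mode http
    bind :80
    # /devices/demo-devices/{id} split on "/" gives: "" devices demo-devices {id}
    http-request set-var(txn.device_id) path,field(4,/) if { path_beg /devices/demo-devices/ }
    # Refuse anything that is not a plain decimal id instead of guessing a backend.
    http-request deny deny_status 400 if { path_beg /devices/demo-devices/ } !{ var(txn.device_id) -m reg ^[0-9]+$ }
    # "even" and "odd" are HAProxy's integer converters; the string is cast to an
    # integer first. An unset variable makes the fetch fail, so the ACL is simply false.
    use_backend backendX if { var(txn.device_id),even }
    use_backend backendY if { var(txn.device_id),odd }
    default_backend backendX

backend backendX
    mode http
    server x1 10.0.0.21:8080 check

backend backendY
    mode http
    server y1 10.0.0.22:8080 check
```

The same decision can be made with a single regular expression on the last digit (`path -m reg ^/devices/demo-devices/[0-9]*[02468]/?$`), which is handy on releases where arithmetic converters are not available; the variable form is easier to extend to `mod` with more than two shards.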

Cannot open configuration file/directory /path/to/haproxyconfig

I have configured HAProxy for HTTP and HTTPS, but after rebooting the server I get this error. Can anyone help?

[ALERT] 182/150239 (1614) : Cannot open configuration file/directory /path/to/haproxyconfig : No such file or directory

1 post - 1 participant

Read full topic

HAProxy to drop connections which include a string

Hello,
I am using HAProxy as a load balancer. I need to drop all requests which contain a string in the middle of the request. I found a solution like silent-drop.
My additions to the settings look like this:

acl restricted_page path_sub,url_dec -i my_string
http-request silent-drop if restricted_page

But when I make the request it still shows an output; even when I used "deny" instead of silent-drop it doesn’t work as I wanted. Does anyone know the right solution for that?

1 post - 1 participant

Read full topic
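A working form of that rule, as an added example that is not the poster's config: `path_sub` is an ACL-only alias for `path -m sub` and cannot take a converter, so the decoded substring match has to be written with the `path` fetch and an explicit `-m sub`. `my_string` stands in for the pattern from the question; the listener and backend are placeholders.

```haproxy
frontend web
    mode http
    bind :80
    # url_dec first, so "%6dy_string" is caught too; -i makes it case-insensitive.
    acl restricted_page  path,url_dec  -m sub -i my_string
    # "path" stops at "?", so check the query string separately.
    acl restricted_query query,url_dec -m sub -i my_string
    # http-request rules run before use_backend/default_backend, so a match never
    # reaches a server. silent-drop closes without any response and sends the RST
    # with a TTL of 1 so the client only ever sees a hanging connection.
    http-request silent-drop if restricted_page or restricted_query
    default_backend app

backend app
    mode http
    server app1 127.0.0.1:8080
```

Two things to verify after loading it: the rule is in the frontend (or a `listen` section) that actually receives the request, and requests with invalid percent-encoding are handled, since `url_dec` fails on them and the ACL then evaluates to false; add a plain `path -m sub -i my_string` ACL alongside if undecoded matches matter.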

SSL Redirect - Chained Proxies via Proxy Protocol

Hello,

I am running two HAProxy instances which talk over the proxy protocol
(Proxy-A and Proxy-B).

If the request was made via http i want to redirect the request on Proxy-B.

http-request redirect scheme https code 301 if domain_name !{ ssl_fc } 

The problem is now that this config piece does not work when I include the !{ ssl_fc } parameter. If I remove it the redirect works, but it of course ends in a redirect loop.

My thoughts are that this is because of the proxy protocol or the chained proxy scenario.

Config Proxy-A

frontend proxy_a
    bind 0.0.0.0:80
    bind 0.0.0.0:443 ssl crt /usr/local/etc/haproxy/ssl/ alpn h2,http/1.1
    mode http
    use_backend domain_a if { hdr(host) domain-a.net }

backend domain_a
    server domain_a_server server:2400 check ssl verify none send-proxy init-addr last,libc,none 

Config Proxy-B

frontend domain_a
    bind 0.0.0.0:2400 ssl crt /usr/local/etc/haproxy/ssl/ accept-proxy

    # Domains ACL match to Host Header
    acl domain_a hdr(host) -i domain-a.net
    http-request redirect scheme https code 301 if domain_a !{ ssl_fc }

1 post - 1 participant

Read full topic
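On Proxy-B `ssl_fc` describes the hop from Proxy-A, which is always TLS, so it can never tell whether the client used HTTP. The example below, added here and not part of the original post, lets Proxy-A record the client's scheme in a header that Proxy-B decides on. Everything else (addresses, certificate directory, the `server:2400` target) is taken from the post; the CA file used to verify Proxy-B's certificate and the `app` backend are assumptions.

```haproxy
# ---- Proxy-A: the only hop that sees the client's scheme ----
frontend proxy_a
    mode http
    bind 0.0.0.0:80
    bind 0.0.0.0:443 ssl crt /usr/local/etc/haproxy/ssl/ alpn h2,http/1.1
    # set-header overwrites a client-supplied X-Forwarded-Proto, so a client
    # cannot skip the redirect by sending "X-Forwarded-Proto: https" itself.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http  if !{ ssl_fc }
    use_backend domain_a if { req.hdr(host),field(1,:) -i domain-a.net }

backend domain_a
    mode http
    # verify the next hop instead of "verify none"; the CA path is an assumption
    server domain_a_server server:2400 check ssl verify required ca-file /usr/local/etc/haproxy/ssl/proxy-b-ca.pem send-proxy-v2 init-addr last,libc,none

# ---- Proxy-B: decides on the header, not on its own ssl_fc ----
frontend domain_a
    mode http
    bind 0.0.0.0:2400 ssl crt /usr/local/etc/haproxy/ssl/ accept-proxy
    acl domain_a         req.hdr(host),field(1,:) -i domain-a.net
    acl from_plain_http  req.hdr(X-Forwarded-Proto) -i http
    # "redirect scheme" rebuilds the URL from the Host header and request URI.
    http-request redirect scheme https code 301 if domain_a from_plain_http
    default_backend app

backend app
    mode http
    server app1 127.0.0.1:8080
```

Because Proxy-B trusts X-Forwarded-Proto, port 2400 must only be reachable from Proxy-A; `accept-proxy` already rejects connections that do not start with a PROXY header, but a firewall rule limiting the source to Proxy-A is the real control.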


HTTP logs w/ keepalive : monitoring the http request times, TR, Tt

Hey, I need to monitor the total request time.
Configuration: http-server-close and HTTP logs, haproxy 1.7.
The issue is it seems the timers TR and Tt depend on the beginning of the TCP connection.

It means that if a client accepts cookies and http-server-close works, and if my real client-side Tt is 20 ms, the first request will be logged with a Tt of ~20 ms on the server side; but if there is a 2 second idle time between the first and the second request, the Tt of the second request will be the total time of the first and second requests PLUS the idle time.

So, the resulting time logs are VERY FAR from the client-side HTTP request times.
Now, how can I obtain the HTTP request times for each HTTP request while still using http-server-close or keepalive?

1 post - 1 participant

Read full topic

ACL doesn't work with multiple condition (beg_path AND

I have an issue with my HAProxy that is running on Ubuntu 16.04; I want to set a static token for both environments on my server.

I am using path_beg and ssl_fc_sni.

This is my config:

frontend https
    bind *:443 ssl crt /etc/ssl/mykey.pem

    acl url_staging path_beg /123456
    use_backend staging if { ssl_fc_sni staging.com AND url_staging }

    acl url_production path_beg /789012
    use_backend production if { ssl_fc_sni production.com AND url_production }

    default_backend no-match

backend staging
    http-request set-path "%[path,regsub(^/123456/,/)]" # to remove the token after authenticated.
    server staging 127.0.0.1:4723

backend production
    http-request set-path "%[path,regsub(^/789012/,/)]" # to remove the token after authenticated.
    server production 127.0.0.1:4723

backend no-match
    http-request deny deny_status 403

The problem is, when I try to visit production with the staging token, it works and is authenticated: production.com/123456 will work, and vice versa.

acl staging hdr(Host) staging.com && path /123456

I tried the above, putting both conditions in the same ACL with an AND expression, but it got worse: it was able to access without a token.

What I want is to authenticate staging with the staging token/path, which is 123456, and when I visit production it must use the production token/path. It should refuse when I hit the production endpoint with the staging token,

so it will refuse the connection when I try production.com/123456.

HA-Proxy version 1.8.25-1

Thanks

1 post - 1 participant

Read full topic
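HAProxy has no `AND` keyword: ACL names (or anonymous `{ }` blocks) listed after `if` are ANDed implicitly, and an unknown word inside `{ ... }` becomes part of the pattern list, which is why the original lines matched things they should not have. The following is an added example, not the poster's config; hosts, tokens, certificate and server address are the ones from the post.

```haproxy
frontend https
    mode http
    bind *:443 ssl crt /etc/ssl/mykey.pem

    # Require SNI and Host to agree: a client can present one name in the TLS
    # handshake and a different one in the request, so check both.
    acl sni_staging     ssl_fc_sni -i staging.com
    acl host_staging    req.hdr(host),field(1,:) -i staging.com
    acl sni_production  ssl_fc_sni -i production.com
    acl host_production req.hdr(host),field(1,:) -i production.com

    # Trailing slash so /123456 does not also accept /1234567.
    acl url_staging     path_beg /123456/
    acl url_production  path_beg /789012/

    # Space-separated ACLs are ANDed.
    use_backend staging    if sni_staging    host_staging    url_staging
    use_backend production if sni_production host_production url_production
    default_backend no-match

backend staging
    mode http
    http-request set-path "%[path,regsub(^/123456/,/)]"
    server staging 127.0.0.1:4723

backend production
    mode http
    http-request set-path "%[path,regsub(^/789012/,/)]"
    server production 127.0.0.1:4723

backend no-match
    mode http
    http-request deny deny_status 403
```

With this, production.com/123456/... falls through to `no-match` and gets a 403. A token in the path is still a weak secret: it ends up in browser history, Referer headers and access logs, so treat it as obscurity rather than authentication.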

Using Header Fetches in Concatenated String

Hi, I’m trying to bucket requests by type and user so that I can rate-limit based on concurrent connections. I think I’ve got this mostly figured out, but I’m hitting a snag and was hoping someone here could help me with the syntax.

Running HAProxy 2.0.14

I’ve tried multiple permutations of this, but hitting an error when validating the config:

http-request track-sc0 %[req.hdr('x-auth-token')]__%[var(txn.request_class)] if { hdr_beg(x-auth-token) -m found }

The error I’m getting is:

unknown fetch method '%[req.hdr'.

I’m sure I’m just not escaping the lookup properly, but any pointers that can be provided would be much appreciated.

1 post - 1 participant

Read full topic
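`track-sc0` takes a sample expression, not a log-format string, so `%[...]` is parsed as a fetch name. The string can be built with the `concat` converter, which appends a literal, then a variable, then another literal. Added example, not the poster's config; the stick table, the way `txn.request_class` is derived (by method) and the connection limit are assumptions, since the post does not show them.

```haproxy
frontend api
    mode http
    bind :8080
    # Keys are strings, so the table must be type string.
    stick-table type string len 128 size 100k expire 10m store conn_cur,http_req_rate(10s)

    # Assumed classification; the post only says the variable exists.
    http-request set-var(txn.request_class) str(read)  if METH_GET
    http-request set-var(txn.request_class) str(write) unless METH_GET

    # Key = sha1(token) + "__" + class. Hashing keeps the raw bearer token out of
    # "show table" output and stick-table peers; concat(<prefix>,<var>,<suffix>).
    http-request track-sc0 req.hdr(x-auth-token),sha1,hex,concat(__,txn.request_class) if { req.hdr(x-auth-token) -m found }

    http-request deny deny_status 429 if { sc_conn_cur(0) gt 20 }
    default_backend app

backend app
    mode http
    server app1 127.0.0.1:9000
```

Requests without the header are not tracked at all here; if anonymous traffic also needs a bucket, add a second `track-sc0` on `src` guarded by `unless { req.hdr(x-auth-token) -m found }` against an `ip`-typed table.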

Http-response set-header

Hi, I am experimenting with using the http-response command, specifically the following line:
http-response set-header X-Server %s

The configuration is as follows:

listen proxies-in
  bind 0.0.0.0:18509
  bind :::18509
  mode tcp
  default_backend proxies
  balance roundrobin

backend proxies
  mode HTTP
  http-response set-header X-Server %s
  server 127.0.0.1:15050 127.0.0.1:15050 check
  server 127.0.0.1:15051 127.0.0.1:15051 check

The goal here is that I would like to see the X-Server header added to the response headers, and it should indicate the server used to handle the request. I’ve seen configurations doing this, but the X-Server header is not added for my requests.

Client -> HaProxy Load balancing -> HTTPS Page --> HaProxy add header --> client.

Is this possible?

If this is not possible, how can I perform tasks given a specific HTTP status code? For example, run commands if I get status code 400 (Lua or Python).

1 post - 1 participant

Read full topic
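The posted section mixes a `mode tcp` listener with a `mode HTTP` backend; HTTP response rules need the whole path to be in HTTP mode. The rewrite below is an added example, not the poster's config: `%s` is the log-format field for the server name, which is valid because `set-header` takes a log-format string. The internal source range 10.0.0.0/8 is an assumption.

```haproxy
listen proxies-in
    # One section, HTTP mode throughout, so http-response rules see the headers.
    mode http
    bind 0.0.0.0:18509
    bind :::18509
    balance roundrobin
    # Expose the chosen server only to internal clients: it leaks backend topology.
    http-response set-header X-Server %s if { src 10.0.0.0/8 }
    # Acting on a status code: "status" is the response status fetch. Raising the
    # log level makes 400s stand out in the log; a Lua action (http-response lua.<name>)
    # attaches custom code at this same point.
    http-response set-log-level warning if { status 400 }
    server proxy1 127.0.0.1:15050 check
    server proxy2 127.0.0.1:15051 check
```

Note the original uses the server address as the server name; `%s` prints whatever name is on the `server` line, so give the servers short labels if the address should not appear in the header.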

TCP fast open is not always applied

To accelerate L4 performance between the origin and the end user, I’ve utilized the TCP fast open feature of HAProxy.

My expectation is that all requests are accelerated by TCP fast open. But in the result, they are not always accelerated, as in the image.

I want to know how TCP fast open can always be applied to all requests.
Is there any other configuration for doing it?

My test environment is as follows, and I’ve configured TCP fast open at Edge and Relay.

Client (Google VM in Singapore) -> Edge (AWS VM in Singapore) -> Parent (AWS VM in KR) -> Origin (AWS VM in KR)

The test program was run periodically on the client, e.g. curl http://www.foo.com:90/10K.bin

Linux version and TCP fast open setting of the Edge & Parent servers:


# uname -a
Linux edge_sg_01 4.14.177-139.254.amzn2.x86_64 #1 SMP Thu May 7 18:48:23 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
# cat /proc/sys/net/ipv4/tcp_fastopen
3

haproxy -vv output:


HA-Proxy version 2.1.7 2020/06/09 - https://haproxy.org/
Status: stable branch - will stop receiving fixes around Q1 2021.
Known bugs: http://www.haproxy.org/bugs/bugs-2.1.7.html
Running on: Linux 4.14.177-139.254.amzn2.x86_64 #1 SMP Thu May 7 18:48:23 UTC 2020 x86_64
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wno-implicit-fallthrough -Wno-stringop-overflow -Wtype-limits -Wshift-negative-value -Wshift-overflow=2 -Wduplicated-cond -Wnull-dereference
  OPTIONS = USE_PCRE=1 USE_THREAD=1 USE_LIBCRYPT=1 USE_OPENSSL=1 USE_ZLIB=1 USE_TFO=1 USE_NS=1 USE_SYSTEMD=1

Feature list : +EPOLL -KQUEUE -MY_EPOLL -MY_SPLICE +NETFILTER +PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED -REGPARM -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -VSYSCALL +BACKTRACE +GETADDRINFO +OPENSSL -LUA +FUTEX +ACCEPT4 -MY_ACCEPT4 +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with multi-threading support (MAX_THREADS=64, default=2).
Built with OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
Running on OpenSSL version : OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE version : 8.32 2012-11-30
Running on PCRE version : 8.32 2012-11-30
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.7
Running on zlib version : 1.2.7
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTTP       side=FE|BE     mux=H2
            fcgi : mode=HTTP       side=BE        mux=FCGI
       <default> : mode=HTTP       side=FE|BE     mux=H1
       <default> : mode=TCP        side=FE|BE     mux=PASS

Available services : none

Available filters :
	[SPOE] spoe
	[CACHE] cache
	[FCGI] fcgi-app
	[TRACE] trace
	[COMP] compression

Configuration on Parent

frontend tcp_90
    mode tcp
    bind *:90 tfo
    # the post had "default_backend web_svr_90", which does not match the backend name below
    default_backend tcp_svr_90

backend tcp_svr_90
    mode tcp
    server kr_origin_90 xxx.xxx.xxx.xxx:90

Configuration on Edge

frontend tcp_90
    mode tcp
    bind *:90
    default_backend tcp_svr_90

backend tcp_svr_90
    mode tcp
    retry-on conn-failure empty-response response-timeout
    server kr_parent_tcp_00 xxx.xxx.xxx.xxx:90 tfo

2 posts - 2 participants

Read full topic

HAProxy + Wordpress into Docker : DOWN status

Hello,

I have a server with HAProxy & Docker; I have installed WordPress on it, but it seems HAProxy cannot connect to WordPress. On the server I have a certificate, and WordPress seems to be running.

I noticed that on the “stats” page the WordPress status is DOWN!
(I have other ‘backends’ between HAProxy & Docker that work… but not this one :-P)

So, how can I debug and/or fix this problem? If someone has an idea, please help.

Here is the HAProxy config:

frontend https-in
    bind *:80
    bind *:443 ssl crt  /usr/local/etc/haproxy/certs/socloze.com.pem
    #http-request add-header X-Forwarded-Proto https
    http-request redirect prefix https://www.%[hdr(host)] code 301 if { hdr(host) -i socloze.com }
    http-request redirect prefix https://%[hdr(host)] code 301 if { hdr(host) -i www.socloze.com } !{ ssl_fc }

    acl acl_blog hdr(host) -i blog.socloze.com

    use_backend be-blog if acl_blog

backend be-blog
    option  forwardfor
    http-request add-header X-Forwarded-Proto https
    redirect scheme https code 301 if !{ ssl_fc }
    server wordpress wordpress:1200 check ssl none resolvers docker init-addr libc,none

And the docker-compose file too:

version: '3.3'
services:
  db:
    image: mysql:5.7
    environment:
      MYSQL_DATABASE: wordpress
      MYSQL_PASSWORD: Mypassword#
      MYSQL_ROOT_PASSWORD: Mypassword#
      MYSQL_USER: wordpress
    volumes:
     - db_data:/var/lib/mysql
    networks:
     - default
    logging:
      driver: json-file
  wordpress:
    image: wordpress:latest
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_PASSWORD: Mypassword#
      WORDPRESS_DB_USER: wordpress
    ports:
     - 1200:80
    volumes:
     - wordpress_files:/var/www/html
    networks:
     - haproxy-net
     - default
    logging:
      driver: json-file
networks:
  default:
    driver: overlay
  haproxy-net:
    external: true
volumes:
  db_data:
    driver: local
    driver_opts:
      device: /data/mysql
      o: bind
      type: none
  wordpress_files:
    driver: local
    driver_opts:
      device: /data/wordpress
      o: bind
      type: none

BTW, I have switched to this, but it does not solve anything:

server wordpress wordpress:1200 check resolvers docker init-addr libc,none

1 post - 1 participant

Read full topic
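Two details in the posted config point at the DOWN state: `ports: 1200:80` publishes the container on the Docker host, but on the shared `haproxy-net` network HAProxy reaches the container directly, where WordPress listens on 80 and speaks plain HTTP; and `ssl none` is not valid server syntax (`verify none` is the option that exists). The block below is an added example, not the poster's config; the `resolvers docker` section uses Docker's embedded DNS at 127.0.0.11, which is an assumption about how that section is defined.

```haproxy
resolvers docker
    # Docker's embedded DNS, so service names re-resolve when containers move.
    nameserver dns1 127.0.0.11:53
    resolve_retries 3
    timeout resolve 1s
    timeout retry   1s
    hold valid      10s

frontend https-in
    mode http
    bind *:80
    bind *:443 ssl crt /usr/local/etc/haproxy/certs/socloze.com.pem
    http-request redirect prefix https://www.%[hdr(host)] code 301 if { hdr(host) -i socloze.com }
    # One scheme redirect for every host, instead of one rule per vhost.
    http-request redirect scheme https code 301 unless { ssl_fc }
    acl acl_blog hdr(host) -i blog.socloze.com
    use_backend be-blog if acl_blog

backend be-blog
    mode http
    option forwardfor
    # set-header, so a client cannot smuggle its own X-Forwarded-Proto through.
    http-request set-header X-Forwarded-Proto https
    # Container port, not the published host port, and no "ssl": the container
    # serves plain HTTP. init-addr libc,none lets HAProxy start before the
    # container name resolves.
    server wordpress wordpress:80 check resolvers docker init-addr libc,none
```

If the server still shows DOWN, `echo "show servers state be-blog" | socat stdio /var/run/haproxy.sock` (assuming a stats socket is configured) prints the resolved address and the last check result, which separates "name does not resolve" from "resolves but the port is closed".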

Issue with rate limiting large post requests

I am using HAProxy v2.0.13 in front of an API and have attempted to implement URL based rate limiting to try and limit connections to 5 within a 30 minute sliding window per source IP for the “/get_link” path:

frontend fe_dev
  mode http
  bind *:8081,[::]:8081
  stick-table type ip size 100k expire 30m store http_req_rate(30m)
  http-request track-sc0 src if METH_POST { path -i -m beg /get_link }
  http-request deny deny_status 429 if { sc_http_req_rate(0) gt 5 }
  default_backend be_dev

This API endpoint is called from a JavaScript function using an XMLHttpRequest() request and I am using Google Chrome v83.

var xHR = new XMLHttpRequest();
xHR.open("POST", "get_link", true);

xHR.onload = function() {
 console.log('status code is ' + this.status);
};

xHR.onerror = function() {
 console.log("onerror()");
};

var obj = {};

xHR.setRequestHeader("Content-Type", "application/json");
xHR.send(JSON.stringify(obj));

When the size of my POST request is small (i.e. a few hundred bytes) then everything works fine - after 5 requests I start getting HTTP 429 returned. I then tried with a large POST request (the content length was around 35500 bytes) and this is when Chrome started to trigger the onerror function.

I have done a tcpdump and it looks like HAProxy doesn’t wait for the whole request before sending back a 429 (output trimmed for brevity):

POST /get_link HTTP/1.1
Host: server:8081
Connection: keep-alive
Content-Length: 35687
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
Content-Type: application/json
Accept: */*
Origin: http://server:8081
Referer: http://server:8081/index.html
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

{"req1":"XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXHTTP/1.1 429 Too Many Requests
content-length: 117
cache-control: no-cache
content-type: text/html
connection: close

<html><body><h1>429 Too Many Requests</h1>
You have sent too many requests in a given amount of time.
</body></html>
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

From looking at tcpdump I can also see that HAProxy sends a TCP RST as soon as it has sent back the 429 even though Chrome is still sending POST data. How do I get HAProxy to play nicely and wait until it has received the whole request before rejecting it?

1 post - 1 participant

Read full topic
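The RST comes from the kernel: HAProxy answers and closes while unread request data is still queued on the socket, and a close with unread data is sent as a reset, which Chrome reports as a network error instead of a 429. Making HAProxy read the body before the rules run avoids that. Added example, not the poster's config; the `tune.bufsize` value, the 413 bound and the `be_dev` server are assumptions.

```haproxy
global
    # http-buffer-request can hold at most tune.bufsize bytes of body; the post's
    # 35 KB POST does not fit in the 16 KB default, so the limit is raised here.
    tune.bufsize 65536

frontend fe_dev
    mode http
    bind *:8081,[::]:8081
    # Wait for the request body before evaluating http-request rules, so the 429
    # is written after the body has been consumed and no RST follows it.
    option http-buffer-request
    # Bound what a client can make us buffer per request.
    http-request deny deny_status 413 if { req.body_size gt 65536 }
    stick-table type ip size 100k expire 30m store http_req_rate(30m)
    http-request track-sc0 src if METH_POST { path -i -m beg /get_link }
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 5 }
    default_backend be_dev

backend be_dev
    mode http
    server api1 127.0.0.1:9000
```

Bodies larger than the buffer are still only partially read when the rules run, so the reset reappears above that size; on releases that have it, `http-request wait-for-body time <t> [at-least <n>]` expresses the same wait with an explicit time bound.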


HAProxy layer 4 timeout

Hi, I had been using HAProxy (2 servers) for the last 2 years with keepalived. Suddenly HAProxy started throwing layer 4 timeouts and the logs were throwing “no backend servers unavailable”… so I had to remove the complete LB environment. In the HAProxy stats the web servers were continuously flapping from normal to critical and critical to normal… Help me on this…

1 post - 1 participant

Read full topic

HTTP Response Body Inspection and matching string in acl

Hi,

I am terminating SSL in HAProxy and sending the received request to a backend server, which is again running on HTTPS.

I want to inspect the payload of every response received from the backend server and match a particular string in the payload; if it matches, I want to drop that response.

I have the following configuration on my backend:

backend events
    mode http
    option forwardfor
    option http-buffer-request
    tcp-response inspect-delay 5s
    acl payloadmatch res.payload(0,100000) -m bin 7072617665656e
    # acl payloadmatch res.payload(0,100000),hex -m sub 7072617665656e
    http-response deny if payloadmatch
    server events management.xxxyyy.com:443 check ssl verify none

But the above configuration is not working; I still get the response instead of it being denied.

2 posts - 2 participants

Read full topic
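`res.payload` is a layer-6 fetch over the raw buffer and `option http-buffer-request` only affects the request side, so neither gives `http-response` rules a body to look at. The added example below, not the poster's config, buffers the response body first and matches on it; it assumes a release with `http-response wait-for-body` and `res.body` (2.5 or later), and the CA bundle path used in place of `verify none` is an assumption.

```haproxy
backend events
    mode http
    option forwardfor
    # Ask the origin for an uncompressed body: a gzip-encoded body never matches
    # a plaintext pattern.
    http-request set-header Accept-Encoding identity
    # Buffer up to 100000 bytes of the response (capped by tune.bufsize) for at
    # most 2s before the http-response rules run.
    http-response wait-for-body time 2s at-least 100000
    # res.body is the buffered body; hex-encode it and match the post's hex
    # pattern (7072617665656e is "praveen"). -i covers the converter's letter case.
    acl payloadmatch res.body,hex -m sub -i 7072617665656e
    http-response deny deny_status 403 if payloadmatch
    # Verify the origin's certificate rather than "verify none".
    server events management.xxxyyy.com:443 check ssl verify required ca-file /etc/ssl/certs/ca-certificates.crt
```

Only the buffered prefix is inspected: a match beyond `tune.bufsize` bytes into the body is not seen, so this is a filter for small API responses, not a general content scanner.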

How to redirect, changing the path in the backend

I have Portainer running at portainer_agent:9000 in my Swarm. I would like to access http://myserver.com/portainer to get Portainer, but I can’t find how to accomplish that.
The “http-request set-path” I’m using at the backend is almost working, but it’s not quite there yet.
So the question: how to get the path /portainer/anything redirected to /anything at the backend?

Here is my haproxy.conf snippet:

frontend http-in
    bind *:80
    
    acl is_portainer path_beg /portainer
    use_backend portainer if is_portainer

backend portainer
    balance leastconn
    mode http
    http-request set-path "%[path,regsub(^/portainer,/,)]" if { path_beg /portainer }
    server portainer portainer_agent:9000 resolvers docker_resolver resolve-prefer ipv4

Thank you.

1 post - 1 participant

Read full topic
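The posted `regsub(^/portainer,/)` strips the prefix but keeps the slash that follows it, so `/portainer/anything` reaches the backend as `//anything`. Consuming the optional slash in the pattern fixes that, shown here as an added example rather than the poster's config. Names and the resolver are the post's; the `default_backend` is a placeholder.

```haproxy
frontend http-in
    mode http
    bind *:80
    # Match "/portainer" exactly or "/portainer/..." but not "/portainerx".
    acl is_portainer path /portainer
    acl is_portainer path_beg /portainer/
    use_backend portainer if is_portainer
    default_backend app

backend portainer
    mode http
    balance leastconn
    # "^/portainer/?" eats the prefix and its slash, so
    #   /portainer/anything -> /anything   and   /portainer -> /
    http-request set-path %[path,regsub(^/portainer/?,/)]
    server portainer portainer_agent:9000 resolvers docker_resolver resolve-prefer ipv4

backend app
    mode http
    server app1 127.0.0.1:8080
```

`path` does not include the query string, so it survives the rewrite untouched. What HAProxy cannot fix is Portainer generating absolute links to `/api/...` or `/assets/...`; for that the application has to be told its base path, or those prefixes need their own `use_backend` rules.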

HAPROXY sc_get_gpc0 not working

I have been struggling to get this rate-limiting configuration to work on HAProxy. As seen below I am attempting to use “sc2_get_gpc0” to get a second value stored in the hour_hold stick table. This gpc value is incremented every time a request is made when a client has already hit the standard rate limit. This value is supposed to stay in the table for the expiration time of 1 hour. I can’t seem to get the acl to find that the value is greater than 0 and block connections after the standard rate limit “is_abuse” has passed 20 seconds without a rate of requests higher than the 10 requests in 20 seconds limit.

backend hour_hold
    stick-table  type binary  len 8  size 100k  expire 60m  store gpc0

backend backend
    stick-table  type binary  len 8  size 100k  expire 60m  store http_req_rate(20s)
    http-request track-sc1 base32+src table backend
    http-request set-var(req.rate_limit)  path,map_beg(/usr/local/etc/haproxy/rates.map,10)
    http-request set-var(req.request_rate)  base32+src,table_http_req_rate(backend)
    acl is_abuse var(req.rate_limit),sub(req.request_rate) lt 0
    http-request track-sc2 base32+src table hour_hold if is_abuse
    http-request sc-inc-gpc0(2) if is_abuse
    # acl inc_abuse_cnt sc2_inc_gpc0(hour_hold) gt 0
    acl abuse_cnt sc2_get_gpc0(hour_hold) gt 0
    http-request deny deny_status 429 if is_abuse or abuse_cnt
    # http-request deny deny_status 429 if abuse_cnt
    # http-request deny deny_status 429 if is_abuse inc_abuse_cnt

1 post - 1 participant

Read full topic
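`sc2_get_gpc0` reads the entry that slot 2 is tracking on the current request, and `track-sc2 ... if is_abuse` only binds that slot while the 20-second burst is still going, so once the rate drops the hold counter is never consulted. Tracking sc2 unconditionally fixes it. Added example, not the poster's config; the map file path and the tables are the post's, the server is a placeholder.

```haproxy
backend hour_hold
    stick-table type binary len 8 size 100k expire 60m store gpc0

backend backend
    mode http
    stick-table type binary len 8 size 100k expire 60m store http_req_rate(20s)
    http-request track-sc1 base32+src table backend
    http-request set-var(req.rate_limit)   path,map_beg(/usr/local/etc/haproxy/rates.map,10)
    # Rate of the entry sc1 just tracked; no extra table lookup needed.
    http-request set-var(req.request_rate) sc1_http_req_rate
    acl is_abuse var(req.rate_limit),sub(req.request_rate) lt 0
    # Always bind sc2, so the hold counter is visible on every request, not only
    # on the ones that happen to be abusive right now.
    http-request track-sc2 base32+src table hour_hold
    http-request sc-inc-gpc0(2) if is_abuse
    acl on_hold sc2_get_gpc0 gt 0
    http-request deny deny_status 429 if is_abuse or on_hold
    server app1 10.0.0.31:8080 check
```

Two consequences to keep in mind: every key now gets an entry in `hour_hold`, so size it like the main table, and `expire 60m` counts from the last access, so a client that keeps retrying extends its own hold until it stays quiet for an hour. If the hold should lapse exactly 60 minutes after the last offence regardless of later requests, look the counter up with `base32+src,table_gpc0(hour_hold)` instead of tracking.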

Alternative for the nginx feature: redirect on SSL error (HTTP code 497)

When using nginx I can just use the 497 error code specific to nginx:

497 HTTP Request Sent to HTTPS Port

and redirect to https with this rule:

error_page 497 https://$host:$server_port$request_uri;

When using HAProxy the only solution so far is to use two ports, e.g. port 80 and 443, but I only have one port (8443).

I tried the errorloc option, but when a client tries to connect to the HTTPS port I get an SSL handshake error that cannot be caught with the errorloc option.

Ideally I would use the following, but that does not work:

frontend http-in
    bind :8443 ssl crt /usr/local/etc/haproxy/ssl/fullchain.pem alpn h2,http/1.1
    redirect scheme https code 301 if !{ ssl_fc }
    maxconn 50

    default_backend backend-server

2 posts - 1 participant

Read full topic
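A `bind ... ssl` listener hands every connection to the TLS layer, so a plain-HTTP request fails in the handshake before any `http-request` rule can run; that is what both this post and the earlier "Only one port for http and https with ssl termination" post ran into. The usual HAProxy answer is to accept the port in TCP mode, look at the first bytes, and hand the connection to one of two internal listeners. The following is an added example covering both posts, not either poster's config; the `abns@` socket names, the `app` backend and the choice of port 8443 (4443 in the other post) are assumptions, the certificate path is this post's.

```haproxy
# Public listener: raw TCP, decides by looking at the first bytes.
frontend public_8443
    mode tcp
    bind :8443
    tcp-request inspect-delay 5s
    # req.ssl_hello_type is 1 once a complete TLS ClientHello is buffered;
    # the HTTP predefined ACL fires once a plain request line is there.
    # Either one ends the inspection delay early.
    tcp-request content accept if { req.ssl_hello_type 1 } or HTTP
    use_backend to_tls if { req.ssl_hello_type 1 }
    default_backend to_plain

# Internal hops over abstract sockets (Linux only). PROXY protocol v2 carries
# the real client address across, so logs and ACLs on "src" still work.
backend to_tls
    mode tcp
    server tls abns@tls_in send-proxy-v2

backend to_plain
    mode tcp
    server plain abns@plain_in send-proxy-v2

# HTTPS listener: terminates TLS and serves the application.
frontend tls_in
    mode http
    bind abns@tls_in accept-proxy ssl crt /usr/local/etc/haproxy/ssl/fullchain.pem alpn h2,http/1.1
    maxconn 50
    default_backend app

# Plain-HTTP listener: its only job is the redirect. "redirect scheme" rebuilds
# the URL from the Host header, which still carries ":8443", so the client
# comes back to the same port over TLS.
frontend plain_in
    mode http
    bind abns@plain_in accept-proxy
    http-request redirect scheme https code 301

backend app
    mode http
    server app1 127.0.0.1:8080
```

`accept-proxy` would be dangerous on a network-reachable socket, because whoever connects gets to assert the client address; it is acceptable here only because abstract sockets are reachable solely from the same host and network namespace. Connections that send neither a ClientHello nor an HTTP request line sit for the full 5 s inspect delay before being treated as plain HTTP, so keep that delay short.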
