Hello,
I have been searching all day for how to make this work but have not found any solution.
I have an environment where HAProxy has a URL that uses a certificate on nginx on the backend server, so the connection goes: internet > haproxyurl:443 > nginx & cert. What I need is to set up, with mode tcp (as http/80 is redirected to https), allow/deny for the path suffixes.
So let's say my frontend looks like this:

    frontend tcp-in-443
        bind 0.0.0.0:443 interface eth0
        mode tcp
        #option tcplog
        maxconn 500
        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }
        default_backend no_ssl
        use_backend xxx.xxx.com if { req_ssl_sni -i xxx.xxx.com }

    backend xxx.xxx.com
        mode tcp
        option tcplog
        server default 123.123.123.123:443 check

What I need is that if someone sends a request to open xxx.xxx.com, he gets a 404 or a redirection; the ONLY path that can be accessible is xxx.xxx.com/test/test2/* and not xxx.xxx.com or some /blah.
How can I achieve that? With ACLs + use_backend in the frontend? I was trying that but it was not working, or maybe I did a wrong config…
Edit: also, this website should be ALL visible from the internal LAN, which goes to nginx directly, so the idea is to block it only from the internet.