Introduction

I recently installed and configured HaProxy with a NGinx server, but I have a problem, when my NGinx server moves the user (302), in the new location, it adds the local port.

Here’s a demonstration example :

If we take a folder tree like this

$ tree public_html
public_html
├── toto
│   └── index.html
├── index.html

When the user makes the following query, we’ll get this result :

$ curl -iL exemple.com/toto
HTTP/1.1 302 Found
content-length: 0
location: https://exemple.com/toto
cache-control: no-cache

HTTP/2 301 
server: nginx/1.26.1
date: Wed, 26 Jun 2024 06:18:40 GMT
content-type: text/html
content-length: 169
location: http://exemple.com:3333/toto/
strict-transport-security: max-age=16000000; includeSubDomains; preload;

curl: (7) Failed to connect to exemple.com port 3333 after 10 ms: Couldn't connect to server

My configuration

HaProxy.cfg :

$ cat /etc/haproxy/haproxy.cfg
global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     2048
    user        haproxy
    group       haproxy
    daemon

    stats socket /var/lib/haproxy/stats

    ssl-default-bind-options ssl-min-ver TLSv1.2

    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000


frontend exemple.com
    mode http
    bind :80
    bind :443 ssl crt /etc/haproxy/certs/exemple.com.pem
    http-request redirect scheme https unless { ssl_fc }
    http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"

    default_backend back_exemple.com

backend back_exemple.com
    balance roundrobin
    server server1 127.0.0.80:3333 check

exemple.conf :

$ cat /etc/nginx/conf.d/exemple.com.conf
server {
	listen 127.0.0.80:3333;
	root /var/www/exemple.com/public_html;
	index index.php index.html;

	access_log /var/log/nginx/example.com.access.log;
    	error_log /var/log/nginx/example.com.error.log;

    	location ~ \.php$ {
        	try_files $uri = 404;
        	fastcgi_pass unix:/run/php-fpm/www.sock;
        	fastcgi_index   index.php;
        	fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        	include fastcgi_params;
    	}
}

Conclusion

I suspect that I must have missed a step in the HaProxy configuration, but I can’t find on the internet how to correct this, I don’t know if you could help me?

1 post - 1 participant

Read full topic