How to make HAProxy's SSL redirect and path rewrite (with reqrep) work at the same time?

@xji wrote:

I need to deploy different apps on the same domain, thus I’ve set up the backend to rewrite URL with reqrep ^([^\ ]*\ /)appA[/]?(.*) \1\2. It works when I only deploy the HTTP or HTTPS version of the app.

However, if I try to redirect all HTTP traffic to HTTPS, it doesn’t work. The problem is that HAProxy has already rewritten the URL and stripped out the /appA part before the redirection. Thus if I try to visit http://myserver.com/appA, the page https://myserver.com will eventually be requested instead of https://myserver.com/appA.

I can’t put the redirect rule before the reqrep rule as it seems that HAProxy must process all the rewrites before the redirects.

What can I do to make my configuration work as I intended? This should be obvious but I can’t seem to find a relevant answer online.

My configuration:

frontend http_front
  bind *:80
  reqadd X-Forwarded-Proto:\ http
  acl appA_url url_beg /appA
  use_backend appA if appA_url

frontend https_front
  bind *:443 ssl crt /etc/haproxy/certs/myserver.com.pem
  reqadd X-Forwarded-Proto:\ https
  acl appA_url url_beg /appA
  use_backend appA if appA_url

backend appA
  reqrep ^([^\ ]*\ /)appA[/]?(.*)     \1\2
  redirect scheme https if !{ ssl_fc }
  balance roundrobin
  server web1 127.0.0.1:5001 check

Posts: 1

Participants: 1

Read full topic