I want to create a haproxy configuration that listens on port 80 and:
- use_backend when the path starts with /.well-known/acme-challenge, regardless of domain
- redirect http to https for other paths for several domains, e.g. a.test to https://a.test
I tried this configuration:
use_backend certbot_80 if { path -m reg ^/.well-known/acme-challenge/ }
redirect prefix https://a.test if { hdr_reg(host) '^a\.test(?::.*)?$' }
But it doesn't work because haproxy processes redirect before use_backend.
This works:
acl certbot path -m reg ^/.well-known/acme-challenge/
redirect prefix https://a.test if ! certbot { hdr_reg(host) '^a\.test(?::.*)?$' }
use_backend certbot_80 if certbot
But I have to specifically exclude the certbot condition in each redirect. And if I have more paths that I want to handle first, I'd have to exclude all of them in each redirect.
Is there a way to do it while keeping each condition separate from the others?
I was previously using pound, which processed mixed redirects and backends in order.
Best Answer
I'm afraid it is not possible to process use_backend before redirect statements. I believe HAPROXY evaluates redirects after it receives the entire HTTP request from the client and chooses a backend only after it discovers that the client will not be redirected.
You do not need to modify every redirect rule in order to add additional exclusion paths. You can use a unique ACL instead. For example, this configuration snippet would work:
You can also process redirections on a backend. For example:
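
The answer's own snippets are not preserved on this page. The following is an added example, not the answerer's configuration, sketching the redirect-on-a-backend approach so that each path condition stays independent of the redirects. The `redirect_https` backend name, the `b.test` domain, the server address and the timeouts are assumptions.

```haproxy
# Added example: redirects moved into a backend so the frontend's
# use_backend rules are evaluated first, in order.
# Assumptions: redirect_https, b.test, 127.0.0.1:8080 and the timeouts
# are placeholders, not taken from the question.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    bind :80
    # No redirect rules in the frontend, so nothing pre-empts use_backend.
    # use_backend rules are checked in order; the first match wins.
    use_backend certbot_80 if { path -m reg ^/.well-known/acme-challenge/ }
    # Further paths that must be served over plain HTTP get their own
    # use_backend line here, without touching the redirect rules.
    default_backend redirect_https

backend certbot_80
    server certbot 127.0.0.1:8080   # placeholder address for the ACME responder

backend redirect_https
    # Backend rules run only after the frontend has selected this backend,
    # so they need no "! certbot" style exclusions.
    http-request redirect prefix https://a.test if { hdr_reg(host) '^a\.test(?::.*)?$' }
    http-request redirect prefix https://b.test if { hdr_reg(host) '^b\.test(?::.*)?$' }
    # Requests for any other Host are refused (403) instead of falling
    # through to a backend that has no servers.
    http-request deny
```

The file can be syntax-checked with `haproxy -c -f <file>` before reloading.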