Linux – HA-Proxy 301 re-direct: https to https://www

301-redirecthaproxylinuxnetworking

I am trying to have HA-Proxy 301 redirect an https domain. I need:

https://example.com to redirect to https://www.example.com

This is what I was trying to get it to work:

# corp - example.com
    redirect prefix https://www.example.com code 301 if { hdr(host) -i example.com }
    redirect prefix https://www.example.com code 301 if { hdr(host) -i www.example.com }
    acl server01 hdr_dom(host) -i www.example.com

I would greatly appreciate any help!

EDITED EXAMPLE OF cfg FILE (Code at bottom is part of cfg):

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    user haproxy
    group haproxy
    daemon



defaults
    log global
    maxconn 100000
    mode    http
    option  httplog
    option  dontlognull
    option forwardfor
        timeout connect 600000ms
        timeout server 600000ms
    timeout client 600000ms
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http



frontend main_http_proxy
    bind *:80
    mode http
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    stats enable
    stats uri /haproxystatus?stats
    stats realm Strickly\ Private
    stats auth ec2ops:7is92kc81k92kds8



# example.com
#redirect scheme https code 301 if { hdr(host) -i www.example.com } !{ ssl_fc }
#redirect prefix  https://www.example.com code 301 if { hdr(host) -i example.com } !{ ssl_fc }
#redirect prefix https://www.example.com code 301 if { hdr(host) -i example.com }
#redirect prefix https://www.example.com code 301 if { hdr(host) -i www.example.com }
acl no_WWW hdr(host) -i example.com
redirect prefix www.example.com code 301 if no_WWW


# Backend Rules
use_backend SERVER01 if jcma01
use_backend SERVER01 if no_WWW



frontend main_https_proxy

    bind :443 ssl crt /etc/haproxy/pem/

    mode http

    http-request add-header X-Forwarded-Proto https if { ssl_fc }

    acl secure dst_port eq 443

    rsprep ^Set-Cookie:\ (.) Set-Cookie:\ \1;\ Secure if secure

    rspadd Strict-Transport-Security:\ max-age=31536000 if secure


use_backend SERVER01 if { ssl_fc_sni www.example.com }

#use_backend SERVER01 if { ssl_fc_sni example.com }




backend server01

    balance source

    cookie SERVER01 insert

    server SERVER01 10.10.10.10:80 cookie SERVER01 check inter 5s

Best Answer

Not sure where you got those ACLs, wouldn't

redirect scheme https code 301 if !{ ssl_fc }

or 

redirect scheme https code 301 if {hdr(host) -i yourdomain.example.com } !{ ssl_fc }

be a cleaner solution?

Related Topic