Is it possible to hide the backend server's URL path, using haproxy?
The backend server's URL path is https://backend:8443/backend_url(/.*)
I would like to keep the URL path in the browser as always as https://haproxy/haproxy_url(/.*)
The backend application runs in tomcat and has some j_spring_security_check that breaks normal rewriting and proxying, which is why I am trying to use haproxy to reverse proxy it.
I also need to reuse port 443 on haproxy for multiple applications, and haproxy hosts the organizational wildcard cert for all incoming SSL traffic.
With my current configuration, the haproxy URL changes from https://haproxy/haproxy_url(.) to https://haproxy/backend_url(/.*).
How do I keep it always https://haproxy/haproxy_url(/.*)?
My current configuration is:
frontend https-in
bind *:443 ssl crt /usr/local/etc/haproxy/ssl/domain.pem
option http-server-close
option forwardfor
reqadd X-Forwarded-Proto:\ https
reqadd X-Forwarded-Port:\ 443
# set HTTP Strict Transport Security (HTST) header
rspadd Strict-Transport-Security:\ max-age=15768000
# some ACLs and URL rewrites...
default_backend https-in-backends
backend https-in-backends
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
http-request del-header X-Forwarded-Port
http-request set-header X-Forwarded-Proto https if { ssl_fc }
stick on src
stick-table type ip size 10240k expire 60m
acl no_redir url_beg /haproxy_url
reqirep ^([^\ :]*)\ /haproxy_url(.*) \1\ /backend_url\2
rspirep ^([^\ :]*)\ (.*)/haproxy_url(.*) \1\ \2/backend_url/\3
server backend_srv backend1:8443/backend_url ssl verify none
Best Answer
I solved this by modifying the response back to the browser, in the backend configuration. Don't know if this is the accepted way of doing this, but it worked for me.
rspirep ^(Location:)\ https://([^/]*)/backend_url(.*)$ \1\ https://\2/haproxy_url\3Unfortunately j_spring_security_check is still borking everything. :-(