
I'm writing here because I use HAProxy as a reverse proxy with SSL/TLS termination, and I don't know how to configure it to forward HTTPS requests on a specific port to the same port on my HTTP backend servers.

I'm trying to do something like this:

https://www.example.com:PORT ----> http://www-backend:PORT

PORT is a port in the range between 8000 and 9000 (these ports are open on the backend servers).

www-backend corresponds to one of my backend servers.

I have already done this with NGINX in the past, but never with HAProxy.

Could you help me?

This is my current HAProxy configuration:

```
global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
        stats timeout 5s
        user haproxy
        group haproxy
        daemon

        tune.ssl.default-dh-param 4096

defaults
        log     global

        mode    http
        option  httplog
        option  dontlognull
        option forwardfor
        option http-server-close
        option http_proxy

        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

        stats enable
        stats hide-version
        stats refresh 5s
        stats uri /hastats


#Define http frontend
frontend www-http
        bind *:80
        reqadd X-Forwarded-Proto:\ http
        default_backend www-backend

        # Test URI to see if its a letsencrypt request
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-backend if letsencrypt-acl

#Define https frontend
frontend www-https
        bind *:8000-9000 crt /etc/haproxy/certs/example.com.pem
        bind *:443 crt /etc/haproxy/certs/example.com.pem
        reqadd X-Forwarded-Proto:\ https
        default_backend www-backend

#Define www-backend
backend www-backend
        mode http
        http-request set-header X-Forwarded-For %[src]
        reqadd X-Forwarded-Proto:\ https
        option http-server-close

        balance roundrobin
        redirect scheme https if !{ ssl_fc }
        server web1 xxx.xxx.xxx.101 check port 80
        server web2 xxx.xxx.xxx.102 check port 80

#Define letsencrypt backend
backend letsencrypt-backend
        server letsencrypt 127.0.0.1:8080
```
outstore
  • Did you try to declare `server name :` without the port number? The `server` keyword [doc](https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-server) should be of some help. – Joao Morais Oct 16 '20 at 17:39
  • @JoaoMorais, I did something like this `server web1 xxx.xxx.xxx.101 check`, but it doesn't work. – outstore Oct 17 '20 at 06:31
  • I got this : ERR_CONNECTION_RESET – outstore Oct 17 '20 at 06:38

0 Answers