6

I am attempting to catch HTTP traffic on one port (8080) and redirect it to an internal port (12345). I have the following in my haproxy.cfg:

frontend rest_front
   bind *:8080
   #reqadd X-Forwarded-Proto:\ http
   #reqadd X-Forwarded-Port:\ 12345

   acl host_rest hdr(host) -i mypublicserver.myhost.com

   stats uri /haproxy?stats
   acl url_blog path_beg /blog

   # figure out which one to use
   use_backend rest_cluster if host_rest

backend rest_cluster
   server rest_server_host myinternalserver.myotherhost.com:12345 check

When I test the connection to mypublicserver.myhost.com I see the following in the log file ...

Aug 10 14:18:35 myproxy haproxy[30258]: <IP_ADDRESS>:56779 [10/Aug/2017:14:18:35.309] rest_front rest_front/<NOSRV> -1/-1/-1/-1/2 503 213 - - SC-- 1/0/0/0/0 0/0 "GET /somepage.html HTTP/1.1"

I can't figure out why the back end is not hit. The URL I'm using is http://mypublicserver.myhost.com:8080/somepage.html which should trigger the acl.

  • Which mode are you using? TCP or HTTP? Also, try to remove the stats directive. – gxx Aug 10 '17 at 16:24
  • @gf_8 We're using HTTP. I'll try and add that in and remove the stats directive. –  Aug 10 '17 at 16:33
  • @gf_8 Our default mode is set at http ... I commented out the stats directive and retested, still the same result. –  Aug 10 '17 at 16:38

4 Answers

7

There is no default backend to use and rest_cluster is used only when host_rest ACL is valid.
So any request with a HOST header not matching "mypublicserver.myhost.com" will not be routed to any backend and this results in a 503 error.
So you can either add a default_backend directive or drop/edit the ACL.

EDIT: if the ACL is not matching this is because it is missing the port part: 8080
Try with:

 acl host_rest hdr(host) -i mypublicserver.myhost.com:8080 
Mo3m3n
  • 414
  • 2
  • 6
  • Using the URL he gave should set the correct Host: header, right? – gxx Aug 10 '17 at 22:30
  • @MoEmEn The issue is when I do use a matching server/URL (http://mypublicserver.myhost.com:8080/somepage.html) there is still no backend connection, it's as if the matching condition is not picking up. –  Aug 11 '17 at 11:12
  • Yes, the matching condition is not picking up, because the host header is *mypublicserver.myhost.com:8080* and not *mypublicserver.myhost.com*, so you have to update your ACL – Mo3m3n Aug 11 '17 at 11:45
  • @gf_ not the complete URL, only the *host:port* part; this is what should be in the host header. People generally think that the port part is not included in the Host header, but this is only true when we use a standard port – Mo3m3n Aug 11 '17 at 11:51
0

I faced a similar issue and got a 503 error with a similar string in the log file. Thanks to @MoEmEn I resolved it.

The main thing in the answer is "the ACL is not matching this is because it is missing the port part"

The best for me was to write the rule so that the URL can contain the port or not. So this is my rule for HAProxy:

use_backend host_rest if { req.hdr(Host),regsub(:[0-9]+$,) -i mypublicserver.myhost.com }
Stas S
  • 3
  • 2
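
The difference between the two ACL forms in the answers above can be checked offline with a small Python emulation. This is an added example, not code from any of the posters or from HAProxy; the function names and the sample Host values are assumptions constructed for illustration.

```python
import re

# Hostname taken from the question's ACL.
EXPECTED = "mypublicserver.myhost.com"

# Same pattern as the regsub() converter in the rule above: a trailing ":<digits>".
PORT_SUFFIX = re.compile(r":[0-9]+$")


def exact_match(host_header: str, expected: str = EXPECTED) -> bool:
    """Emulates `hdr(host) -i <expected>`: case-insensitive full-string compare."""
    return host_header.lower() == expected.lower()


def port_insensitive_match(host_header: str, expected: str = EXPECTED) -> bool:
    """Emulates `req.hdr(Host),regsub(:[0-9]+$,) -i <expected>`."""
    return PORT_SUFFIX.sub("", host_header).lower() == expected.lower()


def routing_table(host_headers):
    """Return {host_header: (exact, port_insensitive)} for each value."""
    return {h: (exact_match(h), port_insensitive_match(h)) for h in host_headers}


# Constructed Host header values (not taken from any real capture).
SAMPLE_HOSTS = [
    "mypublicserver.myhost.com:8080",  # sent for http://...:8080/ (non-default port)
    "mypublicserver.myhost.com",       # sent when the port is the scheme default
    "MyPublicServer.MyHost.com:8080",  # mixed case, handled by -i
    "mypublicserver.myhost.com.other.example:8080",  # expected name as a prefix only
    "other.example:8080",              # unrelated host
]

if __name__ == "__main__":
    for host, (exact, stripped) in routing_table(SAMPLE_HOSTS).items():
        print(f"{host:46} exact={exact!s:5} port-stripped={stripped}")
```

Both forms remain full-string comparisons after normalization, so a Host value that merely starts with the expected name is still rejected.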
0

In my case the issue was that I was using SSL-Passthrough; however, acl hdr(host) doesn't work with passthrough because it needs to terminate the request to decrypt the headers. So I decided to use SSL-Termination and then make an SSL request to the backend servers.

reference : https://discourse.haproxy.org/t/haproxy-not-switching-between-backends/1903/15

Mawardy
  • 101
  • 3
0

For me, I had to disable the HTTP check since my site returns error 404 and HAProxy thinks it is down.

kabanus
  • 11
  • 1