http请求中的haproxy和“修复”主机名

时间:2019-05-01 09:53:44

标签: haproxy

我开始使用haproxy在nginx服务器之间进行平衡(以实现这些nginxen后面的rails实例的负载平衡)。我想将不是www名称的所有名称重定向到www名称(以及所有http-> https)301。因此,我写了这篇文章,但效果不佳。实际发生的是http-> https,但是https上的所有名称对于除www.staging.example.com以外的所有名称都返回200而不是301。另外,我希望直接对http://staging.example.com/https://www.staging.example.com/,而对https://staging.example.com/说301

frontend www-http
    bind 1.2.3.4:80

    acl redirect_canonical req_ssl_sni -i staging.example.com
    acl redirect_canonical req_ssl_sni -i myname.example.com
    http-request  redirect  code 301  location  https://www.staging.example.com%[capture.req.uri]  if\
 redirect_canonical

    http-request  redirect  code 301  scheme https  if !{ ssl_fc }

    reqadd X-Forwarded-Proto:\ http
    default_backend railswebapp-backend

frontend www-https
    bind 1.2.3.4:443 ssl crt /etc/haproxy/ssl/

    # Test URI to see if its a letsencrypt request.                                                      
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl

    acl redirect_canonical req_ssl_sni -i staging.example.com
    acl redirect_canonical req_ssl_sni -i myname.example.com
    http-request  redirect  code 301  location  https://www.staging.example.com%[capture.req.uri]  if\
 redirect_canonical

    reqadd X-Forwarded-Proto:\ https
    default_backend railswebapp-backend

关于我在做什么的任何指示吗?

更新

已更正的块是:

frontend www-http
    bind 1.2.3.4:80

    acl redirect_canonical hdr(host) -i staging.example.com
    acl redirect_canonical hdr(host) -i myname.example.com
    http-request  redirect  code 301  location  https://www.staging.example.com%[capture.req.uri]  if\
 redirect_canonical

    http-request  redirect  code 301  scheme https  if !{ ssl_fc }

    reqadd X-Forwarded-Proto:\ http
    default_backend railswebapp-backend

frontend www-https
    bind 1.2.3.4:443 ssl crt /etc/haproxy/ssl/

    # Test URI to see if its a letsencrypt request.                                                      
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl

    acl redirect_canonical ssl_fc_sni -i staging.example.com
    acl redirect_canonical ssl_fc_sni -i myname.example.com
    http-request  redirect  code 301  location  https://www.staging.example.com%[capture.req.uri]  if\
 redirect_canonical

    reqadd X-Forwarded-Proto:\ https
    default_backend railswebapp-backend

0 个答案:

没有答案