Working on configuring HAProxy with SSL for our lower environment. Currently, the LB is working for non-SSL but we are converting to use SSL. We have multiple sites in QA and for non-SSL I am using ACLs and it's working fine.
For some reason when I restart the service I receive the following error:
Dec 9 10:56:11 haproxy haproxy: [ALERT] 343/105611 (52875) : parsing [/etc/haproxy/haproxy.cfg:27] : error detected while parsing switching rule : no such ACL : '{hdr(host)'.
Here is my current SSL Config:
global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option dontlognull
    option forwardfor
    option http-server-close
    stats enable
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend qa_b2b_https_front
    mode http
    bind *:443 ssl crt /etc/haproxy/certs.d/
    use_backend qa_b2b_http_back if {hdr(host) -i qawebsecure.oursite.com}

backend qa_b2b_http_back
    server qab2b 10.5.140.176:80 check
To define anonymous ACLs, you have to add a space before and after the opening and closing brace.
To quote the documentation on this topic:
It is also possible to form rules using "anonymous ACLs". Those are unnamed ACL expressions that are built on the fly without needing to be declared. They must be enclosed between braces, with a space before and after each brace (because the braces must be seen as independent words).
As such, your use_backend rule should look like this instead:
use_backend qa_b2b_http_back if { hdr(host) -i qawebsecure.oursite.com }
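
The brace rule quoted above can be checked mechanically before a restart. The following is an added example, not part of the original answer and not an HAProxy tool: a small Python lint that flags anonymous ACL braces glued to a neighbouring word in `if`/`unless` conditions. The function name `find_glued_braces`, the sample text and the whitespace-splitting heuristic are assumptions of this example.

```python
"""Flag anonymous ACL braces that are glued to a neighbouring word."""

# Constructed sample: the broken rule from the question and the fixed one.
SAMPLE_CFG = """\
frontend qa_b2b_https_front
    mode http
    bind *:443 ssl crt /etc/haproxy/certs.d/
    use_backend qa_b2b_http_back if {hdr(host) -i qawebsecure.oursite.com}
    use_backend qa_b2b_http_back if { hdr(host) -i qawebsecure.oursite.com }
"""


def find_glued_braces(cfg_text):
    """Return (line_no, word, problem) for each brace not standing alone.

    Heuristic (an assumption of this example): only words after the first
    'if'/'unless' on a line are inspected, and words are split on
    whitespace; quoting and escapes are not interpreted.
    """
    findings = []
    for line_no, raw in enumerate(cfg_text.splitlines(), start=1):
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        # Locate the condition part of the rule.
        start = next((i for i, w in enumerate(words) if w in ("if", "unless")), None)
        if start is None:
            continue
        depth = 0  # number of anonymous ACL blocks currently open
        for word in words[start + 1:]:
            if word == "{":
                depth += 1
            elif word == "}":
                depth = max(depth - 1, 0)
            elif word.startswith("{"):
                findings.append((line_no, word, "no space after '{'"))
                depth += 1
            elif word.endswith("}") and depth > 0 and "{" not in word:
                findings.append((line_no, word, "no space before '}'"))
                depth -= 1
    return findings


if __name__ == "__main__":
    for line_no, word, problem in find_glued_braces(SAMPLE_CFG):
        print(f"line {line_no}: {problem}: {word!r}")
```

HAProxy's own check mode, `haproxy -c -f /etc/haproxy/haproxy.cfg`, validates the file without restarting the service and remains the authoritative test.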