Environment:
I'm trying to set up an FE/BE that will support:
Connections coming in on one domain/uri get forwarded to another domain (both internal) on a specified port (All backend apps SSL'd and work going directly to them):
- sub1.domain-a.com/test1 -> newsub1.domain-b.com:30000
- sub2.domain-a.com/test2 -> newsub2.domain-b.com:20000
- ...
NOTES:
In an attempt to do that, here is my config:
haproxy.cfg (relevant sections):
    frontend f5
        bind *:443 ssl crt /etc/haproxy/c-and-k.pem
        mode http
        acl path_spgen path_beg -i /spgen
        use_backend be_spgen if path_spgen
        ## Rewrite the sending path to strip off 'spgen'
        reqrep ^([^\ :]*)\ /spgen/(.*) \1\ /\2 if path_spgen

    backend be_spgen
        mode http
        ## Attempt to fix sporadic 'This combination of host and port requires TLS' -- not working
        option httpchk HEAD / HTTP/1.1\r\nHost:\ test1.domain-b.com
        balance source
        server test1 test1.domain-b.com:30000 check ssl ca-file /etc/haproxy/ca.pem
When I try to curl or browser-to https://sub1.domain-a.com/spgen, I end up getting 1 of 2 errors:
If I just re-run the curl or refresh the browser, I can get it to alternate between the errors with enough refreshes/re-runs. Both proxies are running identical configs (and the service has been restarted multiple times to ensure it's loaded).
So my question is two-fold:
TIA!
Your code works for me and strips off /spgen/. Your reqrep rule specifies that it will strip off /spgen/ with a trailing slash, so it will not apply to /spgen without a trailing slash.
To test, I set up a Docker Compose environment with HAProxy as the load balancer and jmalloc/echo-server as the web server. The echo-server displays the HTTP request message, so it's easy to see the details.
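The trailing-slash behaviour described in the answer, modelled in Python as an added example (not part of the original answer or the asker's config). It assumes `path_beg -i` is a case-insensitive prefix match on the path and `reqrep` is a case-sensitive regex applied to the request line; the function names and request lines are constructed for illustration.

```python
import re

# The question's reqrep rule; HAProxy's "\ " is just an escaped space.
REQREP = re.compile(r"^([^ :]*) /spgen/(.*)")
REPLACEMENT = r"\1 /\2"


def acl_path_spgen(path: str) -> bool:
    """Model of 'acl path_spgen path_beg -i /spgen' (hypothetical helper)."""
    return path.lower().startswith("/spgen")


def apply_frontend(request_line: str):
    """Return (routed_to_be_spgen, request_line_forwarded_to_backend)."""
    _method, target, _version = request_line.split(" ", 2)
    path = target.split("?", 1)[0]  # the ACL sees the path without the query string
    if not acl_path_spgen(path):
        return False, request_line
    # The rewrite only fires when the regex matches; otherwise the line is untouched.
    return True, REQREP.sub(REPLACEMENT, request_line, count=1)


# Constructed request lines covering the cases where ACL and rewrite disagree.
SAMPLES = [
    "GET /spgen/status HTTP/1.1",   # routed and rewritten
    "GET /spgen/ HTTP/1.1",         # routed and rewritten to "/"
    "GET /spgen HTTP/1.1",          # routed, NOT rewritten (no trailing slash)
    "GET /SPGEN/status HTTP/1.1",   # routed (-i), NOT rewritten (reqrep is case-sensitive)
    "GET /spgen-admin/x HTTP/1.1",  # routed (prefix match), NOT rewritten
    "GET /other HTTP/1.1",          # not routed
]

if __name__ == "__main__":
    for line in SAMPLES:
        routed, forwarded = apply_frontend(line)
        print(f"{line!r:34} routed={routed!s:5} backend sees {forwarded!r}")
```

Every row where `routed` is true but the line is unchanged is a request the backend receives with the `/spgen` prefix still attached, which is worth checking against what the backend application expects to serve.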