Search code examples
httphaproxy

Adding CORS in Haproxy for error response from Haproxy

I have the below haproxy.cfg.

This adds the neccesary CORS headers to the responses from my backend which works fine. The issue I'm facing is that if the server that haproxy is interfacing with times out (i.e. exceeds the 30s server timeout below) haproxy itself sends a 504 response which DOES NOT have the CORS headers I need. How do I make it do that dynamically (statically would just be adding this header in /etc/haproxy/errors/504.http)?

global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA>
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5s
        timeout client  30s
        timeout server  30s

http-errors json
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend www-https
    bind *:80
    bind *:443 ssl crt /etc/ssl/mywebsite.pem
    errorfiles json


    http-response del-header Access-Control-Allow-Origin
    capture request header origin len 128
    http-response set-header Access-Control-Allow-Origin %[capture.req.hdr(0)] if { capture.req.hdr(0) -m found }
    http-response set-header Access-Control-Allow-Methods "GET, HEAD, OPTIONS, POST, PUT" if { capture.req.hdr(0) -m found }
    http-response set-header Access-Control-Allow-Credentials true if { capture.req.hdr(0) -m found }



    # Redirect HTTP to  HTTPS
    redirect scheme https code 301 if !{ ssl_fc }
    mode http

    #Backend to use if no URL specified
    default_backend myBackend


backend myBackend
  server myServer <the ip of the server>
Solution

  • I asked this same question on serverfault stackexchange and got an answer there for anyone wanting to do this:

    https://serverfault.com/questions/1136690/adding-custom-headers-on-error-responses-from-haproxy