问题
I need to redirect certain paths to https - frontend secured
The reason for this is that i want certain parts of my web application to only be allowed to run over https.
I've figured out how to redirect all traffic by changing my HAproxy conf like this:
frontend unsecured *:80
#timeout client 86400000
#redirect prefix http://domain.com code 301
mode http
timeout client 120s
But how can i configure it to only redirect certain sub-folder on my domain?
What i would like is to redirect only the following URLs:
http://domain.com/info
http://domain.com/echo
http://domain.com/broadcast
http://domain.com/close
http://domain.com/probe
http://domain.com/cd* (wildcard)
Is this possible?
回答1:
You should use acl to match you criteria.
frontend unsecured *:80
acl is-unsecure-path01 path_beg /info
acl is-unsecure-path02 path_beg /echo
acl is-unsecure-path03 path_beg /broadcast
acl is-unsecure-path04 path_beg /close
acl is-unsecure-path05 path_beg /probe
acl is-unsecure-path06 path_beg /cd
use_backend application-backend if is-unsecure-path01
use_backend application-backend if is-unsecure-path02
use_backend application-backend if is-unsecure-path03
use_backend application-backend if is-unsecure-path04
use_backend application-backend if is-unsecure-path05
use_backend application-backend if is-unsecure-path06
backend application-backend
redirect scheme https if !{ ssl_fc }
回答2:
This one should do the trick
frontend http
bind *:80
acl is-secure path_reg ^\/(info|echo|close|cd.*)
redirect scheme https code 301 if is-secure !{ ssl_fc }
use_backend the-app unless is-secure
frontend https
bind *:443 ssl crt /usr/local/etc/haproxy/ssl
use_backend the-app
backend the-app
server account-1 account:80 check
NOTE: Change the SSL cert path on your app.
来源:https://stackoverflow.com/questions/21276789/haproxy-redirect-based-on-path