Welcome! Log In Create A New Profile

Advanced

502 Bad Gateway

Posted by UPPALAPATI, PRAVEEN 
UPPALAPATI, PRAVEEN
502 Bad Gateway
May 08, 2018 07:30AM
Hi Haproxy-Team,

I have the following configuration:

listen http_proxy-1000
bind *:1000
mode http
option httplog
http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
option http_proxy


If I issue a request to that port :

https://<haproxyHost>:1000
/test/test.txt?Host=<desthost>:8093

I get <BadReq>

If I add ssl termination to the config:

listen http_proxy-1000
bind *:1000 ssl test.pem
mode http
option httplog
http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
option http_proxy


I get :
http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"

I have also set :

ssl-server-verify none

@global still no luck.

Let me know if I am missing anything .

Thanks,
Praveen.


-----Original Message-----
From: Aleksandar Lazic [mailto:[email protected]]
Sent: Tuesday, May 01, 2018 7:22 AM
To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]>
Cc: Olivier Houchard <[email protected]>; haproxy@formilux.org
Subject: Re: Logging Question

Hi.

Am 30.04.2018 um 19:05 schrieb UPPALAPATI, PRAVEEN:
>
> Hi Willy/Oliver,
>
> One small question:
>
> When I capture the header it's returning xxxx.com in the log but when I perform Get on xxxx.com:1000 it is not matching the following configuration.
>
> frontend http-1000
> bind *:1000
> option httplog
> capture request header Host len 20
> acl is_east hdr(host) -i xxxx.com

Maybe this helps?

acl is_east hdr_beg(host) -i xxxx.com

> use_backend east_bk_1000_read if is_east
>
> My question is how can I print o/p of hdr(host) & is_east to log?
>
> Appreciate your help.
>
> Thanks,
> Praveen.

Regards
Aleks
Aleksandar Lazic
Re: 502 Bad Gateway
May 08, 2018 02:50PM
Hi.

Please post only to the mailing list, thanks.
Please keep the mailinglist in the mail loop => "Answer all".

Am 08.05.2018 um 07:25 schrieb UPPALAPATI, PRAVEEN:
> Hi Haproxy-Team,
>
> I have the following configuration:
>
> listen http_proxy-1000
> bind *:1000
> mode http
> option httplog
> http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
> option http_proxy

This isn't the whole config, isn't it?

The 'url_param' does not match the request below, afais.

Please can you answer the following questions.

Which HAProxy Version do you use?
What's the whole HAProxy config?
Was the acl below helpfull?

Regards
Aleks

> If I issue a request to that port :
>
> https://<haproxyHost>:1000
> /test/test.txt?Host=<desthost>:8093
>
> I get <BadReq>
>
> If I add ssl termination to the config:
>
> listen http_proxy-1000
> bind *:1000 ssl test.pem
> mode http
> option httplog
> http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
> option http_proxy
>
>
> I get :
> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>
> I have also set :
>
> ssl-server-verify none
>
> @global still no luck.
>
> Let me know if I am missing anything .
>
> Thanks,
> Praveen.
>
>
> -----Original Message-----
> From: Aleksandar Lazic [mailto:[email protected]]
> Sent: Tuesday, May 01, 2018 7:22 AM
> To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]>
> Cc: Olivier Houchard <[email protected]>; haproxy@formilux.org
> Subject: Re: Logging Question
>
> Hi.
>
> Am 30.04.2018 um 19:05 schrieb UPPALAPATI, PRAVEEN:
>>
>> Hi Willy/Oliver,
>>
>> One small question:
>>
>> When I capture the header it's returning xxxx.com in the log but when I perform Get on xxxx.com:1000 it is not matching the following configuration.
>>
>> frontend http-1000
>> bind *:1000
>> option httplog
>> capture request header Host len 20
>> acl is_east hdr(host) -i xxxx.com
>
> Maybe this helps?
>
> acl is_east hdr_beg(host) -i xxxx.com
>
>> use_backend east_bk_1000_read if is_east
>>
>> My question is how can I print o/p of hdr(host) & is_east to log?
>>
>> Appreciate your help.
>>
>> Thanks,
>> Praveen.
>
> Regards
> Aleks
>
UPPALAPATI, PRAVEEN
RE: 502 Bad Gateway
May 08, 2018 04:30PM
Hi Aleks,

Sorry I missed the group.

My Full Config:

#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.3/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
log 127.0.0.1:514 local0 info alert
log 127.0.0.1:514 local2 info alert
maxconn 20000
user haproxy
group haproxy
daemon
nbthread 4
ssl-server-verify none

tune.ssl.default-dh-param 2048



#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults

log global
mode http
option dontlognull
rate-limit sessions 6000
timeout connect 300000 # default 10 second time out if a backend is not found
timeout client 6600000
timeout server 6600000
option http-server-close
maxconn 20000
retries 3


listen http_proxy-1000
bind *:1000
mode http
option httplog
http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
option http_proxy
#---------------------------------------------------------------------


I also tried :

listen http_proxy-1000
bind *:1000 ssl crt certs.pem
mode http
option httplog
http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
option http_proxy



HAProxy Version :

//opt/app/haproxy/sbin/haproxy -vv
HA-Proxy version 1.8.4-1deb90d 2018/02/08
Copyright 2000-2018 Willy Tarreau <[email protected]>

Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -O2 -g -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label
OPTIONS = USE_LIBCRYPT=1 USE_ZLIB=1 USE_THREAD=1 USE_OPENSSL=1 USE_PCRE=1


Was the acl below helpfull?
Yes and also wanted to know if there is a way to print o/p of : hdr_beg(host) for debug purposes

Thanks,
Praveen.

-----Original Message-----
From: Aleksandar Lazic [mailto:[email protected]]
Sent: Tuesday, May 08, 2018 7:40 AM
To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy@formilux.org
Subject: Re: 502 Bad Gateway

Hi.

Please post only to the mailing list, thanks.
Please keep the mailinglist in the mail loop => "Answer all".

Am 08.05.2018 um 07:25 schrieb UPPALAPATI, PRAVEEN:
> Hi Haproxy-Team,
>
> I have the following configuration:
>
> listen http_proxy-1000
> bind *:1000
> mode http
> option httplog
> http-request set-uri https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
> option http_proxy

This isn't the whole config, isn't it?

The 'url_param' does not match the request below, afais.

Please can you answer the following questions.

Which HAProxy Version do you use?
What's the whole HAProxy config?
Was the acl below helpfull?

Regards
Aleks

> If I issue a request to that port :
>
> https://<haproxyHost>:1000
> /test/test.txt?Host=<desthost>:8093
>
> I get <BadReq>
>
> If I add ssl termination to the config:
>
> listen http_proxy-1000
> bind *:1000 ssl test.pem
> mode http
> option httplog
> http-request set-uri https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
> option http_proxy
>
>
> I get :
> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>
> I have also set :
>
> ssl-server-verify none
>
> @global still no luck.
>
> Let me know if I am missing anything .
>
> Thanks,
> Praveen.
>
>
> -----Original Message-----
> From: Aleksandar Lazic [mailto:[email protected]]
> Sent: Tuesday, May 01, 2018 7:22 AM
> To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]>
> Cc: Olivier Houchard <[email protected]>; haproxy@formilux.org
> Subject: Re: Logging Question
>
> Hi.
>
> Am 30.04.2018 um 19:05 schrieb UPPALAPATI, PRAVEEN:
>>
>> Hi Willy/Oliver,
>>
>> One small question:
>>
>> When I capture the header it's returning xxxx.com in the log but when I perform Get on xxxx.com:1000 it is not matching the following configuration.
>>
>> frontend http-1000
>> bind *:1000
>> option httplog
>> capture request header Host len 20
>> acl is_east hdr(host) -i xxxx.com
>
> Maybe this helps?
>
> acl is_east hdr_beg(host) -i xxxx.com
>
>> use_backend east_bk_1000_read if is_east
>>
>> My question is how can I print o/p of hdr(host) & is_east to log?
>>
>> Appreciate your help.
>>
>> Thanks,
>> Praveen.
>
> Regards
> Aleks
>
UPPALAPATI, PRAVEEN
RE: 502 Bad Gateway
May 08, 2018 05:30PM
Also Do we know if option http_proxy will re-encrypt the req after SSL termination and is it meant for HTTPS?

listen http_proxy-1000
bind *:1000 ssl test.pem
mode http
option httplog
http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
option http_proxy


The reason being the following works but we can't really use it for plain proxy setup since server's in the backend are fixed:

listen http_proxy-1000
bind *:1000 ssl test.pem
mode http
option httplog
server backUp <backendHost>:5100 ssl check backup verify none

Any help will be highly appreciated.

Thanks,
Praveen.





-----Original Message-----
From: UPPALAPATI, PRAVEEN
Sent: Tuesday, May 08, 2018 12:25 AM
To: 'Aleksandar Lazic' <[email protected]>; Willy Tarreau <[email protected]>
Cc: Olivier Houchard <[email protected]>; haproxy@formilux.org
Subject: 502 Bad Gateway

Hi Haproxy-Team,

I have the following configuration:

listen http_proxy-1000
bind *:1000
mode http
option httplog
http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
option http_proxy


If I issue a request to that port :

https://<haproxyHost>:1000
/test/test.txt?Host=<desthost>:8093

I get <BadReq>

If I add ssl termination to the config:

listen http_proxy-1000
bind *:1000 ssl test.pem
mode http
option httplog
http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
option http_proxy


I get :
http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"

I have also set :

ssl-server-verify none

@global still no luck.

Let me know if I am missing anything .

Thanks,
Praveen.


-----Original Message-----
From: Aleksandar Lazic [mailto:[email protected]]
Sent: Tuesday, May 01, 2018 7:22 AM
To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]>
Cc: Olivier Houchard <[email protected]>; haproxy@formilux.org
Subject: Re: Logging Question

Hi.

Am 30.04.2018 um 19:05 schrieb UPPALAPATI, PRAVEEN:
>
> Hi Willy/Oliver,
>
> One small question:
>
> When I capture the header it's returning xxxx.com in the log but when I perform Get on xxxx.com:1000 it is not matching the following configuration.
>
> frontend http-1000
> bind *:1000
> option httplog
> capture request header Host len 20
> acl is_east hdr(host) -i xxxx.com

Maybe this helps?

acl is_east hdr_beg(host) -i xxxx.com

> use_backend east_bk_1000_read if is_east
>
> My question is how can I print o/p of hdr(host) & is_east to log?
>
> Appreciate your help.
>
> Thanks,
> Praveen.

Regards
Aleks
Shawn Heisey
Re: 502 Bad Gateway
May 08, 2018 09:40PM
On 5/7/2018 11:25 PM, UPPALAPATI, PRAVEEN wrote:

> If I add ssl termination to the config:
>
> listen http_proxy-1000
> bind *:1000 ssl test.pem
> mode http
> option httplog
> http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
> option http_proxy
>
> I get :
> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"

In your listen config, you are using a URL parameter called redirHost,
but the log shows that the request has idnsredirHost.  I think this
mismatch is a problem.

Thanks,
Shawn
Aleksandar Lazic
502 Bad Gateway
May 09, 2018 12:00AM
Hi.

Looks like there is some confusion about your question.
Let me try to summarize what I think that you could mean.

Am 08.05.2018 um 16:22 schrieb UPPALAPATI, PRAVEEN:
> Hi Aleks,
>
> Sorry I missed the group.
>
> My Full Config:
>
> #---------------------------------------------------------------------
> # Example configuration for a possible web application. See the
> # full configuration options online.
> #
> # http://haproxy.1wt.eu/download/1.3/doc/configuration.txt

This should be
https://www.haproxy.org/download/1.8/doc/configuration.txt or
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html

> #---------------------------------------------------------------------
>
> #---------------------------------------------------------------------
> # Global settings
> #---------------------------------------------------------------------
> global
> log 127.0.0.1:514 local0 info alert
> log 127.0.0.1:514 local2 info alert
> maxconn 20000
> user haproxy
> group haproxy
> daemon
> nbthread 4
> ssl-server-verify none
>
> tune.ssl.default-dh-param 2048
>
>
>
> #---------------------------------------------------------------------
> # common defaults that all the 'listen' and 'backend' sections will
> # use if not designated in their block
> #---------------------------------------------------------------------
> defaults
>
> log global
> mode http
> option dontlognull
> rate-limit sessions 6000
> timeout connect 300000 # default 10 second time out if a backend is not found

The comment is not true.

The current timeout is 300s

https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#2.4

> timeout client 6600000
> timeout server 6600000
This is 110m ~ 1.8 hours

> option http-server-close
> maxconn 20000
> retries 3
>
>
> listen http_proxy-1000
> bind *:1000
> mode http
> option httplog
> http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
> option http_proxy
> #---------------------------------------------------------------------

I miss here the server line.

> I also tried :
>
> listen http_proxy-1000
> bind *:1000 ssl crt certs.pem
> mode http
> option httplog
> http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
> option http_proxy
Same here.

I tried also both configs and have the same result '<NOSRV>' as you have.

Your line
>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET
/test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>

My Test
###
May 8 22:52:54 app001 haproxy[5141]: Proxy http_proxy-1000 started.
May 8 22:52:59 app001 haproxy[5141]: 127.0.0.1:52046 [08/May/2018:22:52:59.177] http_proxy-1000
http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0 "GET
/test/test.txt?Host=www.google.com:80 HTTP/1.1"
###

I think that the you need at least ONE server line.

I assume you want to set the destination server dynamically based on the query parameter
'Host|idnsredirHost|redirHost', it's not clear which parameter you want, as Shawn mentioned.

Maybe you can take a look into the following links.

https://discourse.haproxy.org/t/dynamic-server-selection/149/2
https://www.egnyte.com/blog/2017/04/dynamic-backends-in-haproxy-with-lua/

Is this what you need?

>> HAProxy Version :
>
> //opt/app/haproxy/sbin/haproxy -vv
> HA-Proxy version 1.8.4-1deb90d 2018/02/08

[snipp]

>> Was the acl below helpfull?
> Yes and also wanted to know if there is a way to print o/p of : hdr_beg(host) for debug purposes

You can capture the host header the captured one will be displayed in the logs.
I don't think that you only can get the result of `hdr_beg(host)` easily, maybe I'm wrong.

https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-capture%20request%20header

Config:

```
capture request header Host len 15
```

```
[email protected]:~$ curl -v 'http://localhost:1000/test/test.txt?Host=www.google.com:80'
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 1000 (#0)
> GET /test/test.txt?Host=www.google.com:80 HTTP/1.1
> Host: localhost:1000
> User-Agent: curl/7.47.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad request
< Cache-Control: no-cache
< Connection: close
< Content-Type: text/html
<
<html><body><h1>400 Bad request</h1>
Your browser sent an invalid request.
</body></html>
* Closing connection 0

[email protected]:~$ fg
sudo tail -f /var/log/haproxy.log
May 8 23:37:54 app001 haproxy[8804]: Proxy http_proxy-1000 started.
May 8 23:37:58 app001 haproxy[8804]: 127.0.0.1:35988 [08/May/2018:23:37:58.074] http_proxy-1000
http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0 {localhost:1000} "GET
/test/test.txt?Host=www.google.com:80 HTTP/1.1"
```

Best regards

Aleks

> Thanks,
> Praveen.
>
> -----Original Message-----
> From: Aleksandar Lazic [mailto:[email protected]]
> Sent: Tuesday, May 08, 2018 7:40 AM
> To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy@formilux.org
> Subject: Re: 502 Bad Gateway
>
> Hi.
>
> Please post only to the mailing list, thanks.
> Please keep the mailinglist in the mail loop => "Answer all".
>
> Am 08.05.2018 um 07:25 schrieb UPPALAPATI, PRAVEEN:
>> Hi Haproxy-Team,
>>
>> I have the following configuration:
>>
>> listen http_proxy-1000
>> bind *:1000
>> mode http
>> option httplog
>> http-request set-uri https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
>> option http_proxy
>
> This isn't the whole config, isn't it?
>
> The 'url_param' does not match the request below, afais.
>
> Please can you answer the following questions.
>
> Which HAProxy Version do you use?
> What's the whole HAProxy config?
> Was the acl below helpfull?
>
> Regards
> Aleks
>
>> If I issue a request to that port :
>>
>> https://<haproxyHost>:1000
>> /test/test.txt?Host=<desthost>:8093
>>
>> I get <BadReq>
>>
>> If I add ssl termination to the config:
>>
>> listen http_proxy-1000
>> bind *:1000 ssl test.pem
>> mode http
>> option httplog
>> http-request set-uri https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
>> option http_proxy
>>
>>
>> I get :
>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>
>> I have also set :
>>
>> ssl-server-verify none
>>
>> @global still no luck.
>>
>> Let me know if I am missing anything .
>>
>> Thanks,
>> Praveen.
>>
>>
>> -----Original Message-----
>> From: Aleksandar Lazic [mailto:[email protected]t]
>> Sent: Tuesday, May 01, 2018 7:22 AM
>> To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]>
>> Cc: Olivier Houchard <[email protected]>; haproxy@formilux.org
>> Subject: Re: Logging Question
>>
>> Hi.
>>
>> Am 30.04.2018 um 19:05 schrieb UPPALAPATI, PRAVEEN:
>>>
>>> Hi Willy/Oliver,
>>>
>>> One small question:
>>>
>>> When I capture the header it's returning xxxx.com in the log but when I perform Get on xxxx.com:1000 it is not matching the following configuration.
>>>
>>> frontend http-1000
>>> bind *:1000
>>> option httplog
>>> capture request header Host len 20
>>> acl is_east hdr(host) -i xxxx.com
>>
>> Maybe this helps?
>>
>> acl is_east hdr_beg(host) -i xxxx.com
>>
>>> use_backend east_bk_1000_read if is_east
>>>
>>> My question is how can I print o/p of hdr(host) & is_east to log?
>>>
>>> Appreciate your help.
>>>
>>> Thanks,
>>> Praveen.
>>
>> Regards
>> Aleks
>>
>
UPPALAPATI, PRAVEEN
RE: 502 Bad Gateway
May 09, 2018 12:30AM
Hi Aleks,

Thanks for the info.

Some of the default config we corrected in the prod.

Let me clarify you on whatz working and whatz not working for us with option http-proxy

Config:

listen http_proxy-1000
bind *:1000
mode http
option httplog
http-request set-uri http://%[url_param(redirHost)]%[capture.req.uri]
option http_proxy

reqUrl : http://<haproxyhost>:1000/test/health.txt?redirHost:<destinationServer>:<port>;

this gets converted to:

http:// <destinationServer>:<port>/test/health.txt?redirHost:<destinationServer>:<port>

This config in the log still says <noserv> but option http_proxy will route to the updated url and I get 200 OK

this is our intended behavior and works fine



What's not working for us is if we have to do this for https

listen http_proxy-1000
bind *:1000 ssl test.pem
mode http
option httplog
http-request set-uri https://%[url_param(redirHost)]%[capture.req.uri]
option http_proxy

Hope this helps.

Thanks,
Praveen.


-----Original Message-----
From: Aleksandar Lazic [mailto:[email protected]]
Sent: Tuesday, May 08, 2018 4:55 PM
To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy@formilux.org
Subject: 502 Bad Gateway

Hi.

Looks like there is some confusion about your question.
Let me try to summarize what I think that you could mean.

Am 08.05.2018 um 16:22 schrieb UPPALAPATI, PRAVEEN:
> Hi Aleks,
>
> Sorry I missed the group.
>
> My Full Config:
>
> #---------------------------------------------------------------------
> # Example configuration for a possible web application. See the
> # full configuration options online.
> #
> # https://urldefense.proofpoint.com/v2/url?u=http-3A__haproxy.1wt.eu_download_1.3_doc_configuration.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=C4BCJfT0RK1be2KQmPIHso7q5thkyKsIk1ouBDtjtaE&e=

This should be
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.haproxy.org_download_1.8_doc_configuration.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=q4U8esi96_sOL0XvcAS53n77UDq1oCz3zVhsj6sPHVQ&e= or
https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=mVj1QMb_Ass1oDZB-LXh4cJl_3_UTYoRPxNsxQncTNY&e=

> #---------------------------------------------------------------------
>
> #---------------------------------------------------------------------
> # Global settings
> #---------------------------------------------------------------------
> global
> log 127.0.0.1:514 local0 info alert
> log 127.0.0.1:514 local2 info alert
> maxconn 20000
> user haproxy
> group haproxy
> daemon
> nbthread 4
> ssl-server-verify none
>
> tune.ssl.default-dh-param 2048
>
>
>
> #---------------------------------------------------------------------
> # common defaults that all the 'listen' and 'backend' sections will
> # use if not designated in their block
> #---------------------------------------------------------------------
> defaults
>
> log global
> mode http
> option dontlognull
> rate-limit sessions 6000
> timeout connect 300000 # default 10 second time out if a backend is not found

The comment is not true.

The current timeout is 300s

https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-232.4&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=0go0CAnboRAg0FIQf1rqTaUbPxDeuEfStrtb0ul5Z4k&e=

> timeout client 6600000
> timeout server 6600000
This is 110m ~ 1.8 hours

> option http-server-close
> maxconn 20000
> retries 3
>
>
> listen http_proxy-1000
> bind *:1000
> mode http
> option httplog
> http-request set-uri https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=Enzg1AulwX2G4bls9I-eiwsFm-vC1gYMGz0GPEpR89o&e=
> option http_proxy
> #---------------------------------------------------------------------

I miss here the server line.

> I also tried :
>
> listen http_proxy-1000
> bind *:1000 ssl crt certs.pem
> mode http
> option httplog
> http-request set-uri https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=Enzg1AulwX2G4bls9I-eiwsFm-vC1gYMGz0GPEpR89o&e=
> option http_proxy
Same here.

I tried also both configs and have the same result '<NOSRV>' as you have.

Your line
>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET
/test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>

My Test
###
May 8 22:52:54 app001 haproxy[5141]: Proxy http_proxy-1000 started.
May 8 22:52:59 app001 haproxy[5141]: 127.0.0.1:52046 [08/May/2018:22:52:59.177] http_proxy-1000
http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0 "GET
/test/test.txt?Host=www.google.com:80 HTTP/1.1"
###

I think that the you need at least ONE server line.

I assume you want to set the destination server dynamically based on the query parameter
'Host|idnsredirHost|redirHost', it's not clear which parameter you want, as Shawn mentioned.

Maybe you can take a look into the following links.

https://urldefense.proofpoint.com/v2/url?u=https-3A__discourse.haproxy.org_t_dynamic-2Dserver-2Dselection_149_2&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=ZRhHfBHC6Uu00ktMxf4fzTwMqKN7YQPjlrES6mBRDA0&e=
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.egnyte.com_blog_2017_04_dynamic-2Dbackends-2Din-2Dhaproxy-2Dwith-2Dlua_&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=YcEYgyPUHsGsau3PttfPLca26yyBLqDGv3onjyiBVtY&e=

Is this what you need?

>> HAProxy Version :
>
> //opt/app/haproxy/sbin/haproxy -vv
> HA-Proxy version 1.8.4-1deb90d 2018/02/08

[snipp]

>> Was the acl below helpfull?
> Yes and also wanted to know if there is a way to print o/p of : hdr_beg(host) for debug purposes

You can capture the host header the captured one will be displayed in the logs.
I don't think that you only can get the result of `hdr_beg(host)` easily, maybe I'm wrong.

https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-234.2-2Dcapture-2520request-2520header&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=3h2iuYZHv2LKLc2sQwlp4kKRyksmDOdijU7C9fLnI7c&e=

Config:

```
capture request header Host len 15
```

```
[email protected]:~$ curl -v 'http://localhost:1000/test/test.txt?Host=www.google.com:80'
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 1000 (#0)
> GET /test/test.txt?Host=www.google.com:80 HTTP/1.1
> Host: localhost:1000
> User-Agent: curl/7.47.0
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 400 Bad request
< Cache-Control: no-cache
< Connection: close
< Content-Type: text/html
<
<html><body><h1>400 Bad request</h1>
Your browser sent an invalid request.
</body></html>
* Closing connection 0

[email protected]:~$ fg
sudo tail -f /var/log/haproxy.log
May 8 23:37:54 app001 haproxy[8804]: Proxy http_proxy-1000 started.
May 8 23:37:58 app001 haproxy[8804]: 127.0.0.1:35988 [08/May/2018:23:37:58.074] http_proxy-1000
http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0 {localhost:1000} "GET
/test/test.txt?Host=www.google.com:80 HTTP/1.1"
```

Best regards

Aleks

> Thanks,
> Praveen.
>
> -----Original Message-----
> From: Aleksandar Lazic [mailto:[email protected]]
> Sent: Tuesday, May 08, 2018 7:40 AM
> To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy@formilux.org
> Subject: Re: 502 Bad Gateway
>
> Hi.
>
> Please post only to the mailing list, thanks.
> Please keep the mailinglist in the mail loop => "Answer all".
>
> Am 08.05.2018 um 07:25 schrieb UPPALAPATI, PRAVEEN:
>> Hi Haproxy-Team,
>>
>> I have the following configuration:
>>
>> listen http_proxy-1000
>> bind *:1000
>> mode http
>> option httplog
>> http-request set-uri https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
>> option http_proxy
>
> This isn't the whole config, isn't it?
>
> The 'url_param' does not match the request below, afais.
>
> Please can you answer the following questions.
>
> Which HAProxy Version do you use?
> What's the whole HAProxy config?
> Was the acl below helpfull?
>
> Regards
> Aleks
>
>> If I issue a request to that port :
>>
>> https://<haproxyHost>:1000
>> /test/test.txt?Host=<desthost>:8093
>>
>> I get <BadReq>
>>
>> If I add ssl termination to the config:
>>
>> listen http_proxy-1000
>> bind *:1000 ssl test.pem
>> mode http
>> option httplog
>> http-request set-uri https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
>> option http_proxy
>>
>>
>> I get :
>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0 "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>
>> I have also set :
>>
>> ssl-server-verify none
>>
>> @global still no luck.
>>
>> Let me know if I am missing anything .
>>
>> Thanks,
>> Praveen.
>>
>>
>> -----Original Message-----
>> From: Aleksandar Lazic [mailto:[email protected]]
>> Sent: Tuesday, May 01, 2018 7:22 AM
>> To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]>
>> Cc: Olivier Houchard <[email protected]>; haproxy@formilux.org
>> Subject: Re: Logging Question
>>
>> Hi.
>>
>> Am 30.04.2018 um 19:05 schrieb UPPALAPATI, PRAVEEN:
>>>
>>> Hi Willy/Oliver,
>>>
>>> One small question:
>>>
>>> When I capture the header it's returning xxxx.com in the log but when I perform Get on xxxx.com:1000 it is not matching the following configuration.
>>>
>>> frontend http-1000
>>> bind *:1000
>>> option httplog
>>> capture request header Host len 20
>>> acl is_east hdr(host) -i xxxx.com
>>
>> Maybe this helps?
>>
>> acl is_east hdr_beg(host) -i xxxx.com
>>
>>> use_backend east_bk_1000_read if is_east
>>>
>>> My question is how can I print o/p of hdr(host) & is_east to log?
>>>
>>> Appreciate your help.
>>>
>>> Thanks,
>>> Praveen.
>>
>> Regards
>> Aleks
>>
>
Aleksandar Lazic
Re: 502 Bad Gateway
May 09, 2018 01:50PM
Hi Praveen.

Am 09-05-2018 00:25, schrieb UPPALAPATI, PRAVEEN:
> Hi Aleks,
>
> Thanks for the info.
>
> Some of the default config we corrected in the prod.
>
> Let me clarify you on whatz working and whatz not working for us with
> option http-proxy
>
> Config:
>
> listen http_proxy-1000
> bind *:1000
> mode http
> option httplog
> http-request set-uri
> http://%[url_param(redirHost)]%[capture.req.uri]
> option http_proxy
>
> reqUrl :
> http://<haproxyhost>:1000/test/health.txt?redirHost:<destinationServer>:<port>;
>
> this gets converted to:
>
> http://
> <destinationServer>:<port>/test/health.txt?redirHost:<destinationServer>:<port>

With blank or without blank?

> This config in the log still says <noserv> but option http_proxy will
> route to the updated url and I get 200 OK
>
> this is our intended behavior and works fine

Cool. Then is the '<NOSRV>' a little bit misleading, at least for me.

> What's not working for us is if we have to do this for https
>
> listen http_proxy-1000
> bind *:1000 ssl test.pem
> mode http
> option httplog
> http-request set-uri
> https://%[url_param(redirHost)]%[capture.req.uri]
> option http_proxy
>
> Hope this helps.

Yes.

In the doc is only the 'http://' schema mentioned, I'm not sure if https
should work.
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-option%20http_proxy

Sorry for the rush but I can't answer this question.

> Thanks,
> Praveen.

Best regards
Aleks

> -----Original Message-----
> From: Aleksandar Lazic [mailto:[email protected]]
> Sent: Tuesday, May 08, 2018 4:55 PM
> To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy@formilux.org
> Subject: 502 Bad Gateway
>
> Hi.
>
> Looks like there is some confusion about your question.
> Let me try to summarize what I think that you could mean.
>
> Am 08.05.2018 um 16:22 schrieb UPPALAPATI, PRAVEEN:
>> Hi Aleks,
>>
>> Sorry I missed the group.
>>
>> My Full Config:
>>
>> #---------------------------------------------------------------------
>> # Example configuration for a possible web application. See the
>> # full configuration options online.
>> #
>> #
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__haproxy.1wt.eu_download_1.3_doc_configuration.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=C4BCJfT0RK1be2KQmPIHso7q5thkyKsIk1ouBDtjtaE&e=
>
> This should be
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.haproxy.org_download_1.8_doc_configuration.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=q4U8esi96_sOL0XvcAS53n77UDq1oCz3zVhsj6sPHVQ&e=
> or
> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=mVj1QMb_Ass1oDZB-LXh4cJl_3_UTYoRPxNsxQncTNY&e=
>
>> #---------------------------------------------------------------------
>>
>> #---------------------------------------------------------------------
>> # Global settings
>> #---------------------------------------------------------------------
>> global
>> log 127.0.0.1:514 local0 info alert
>> log 127.0.0.1:514 local2 info alert
>> maxconn 20000
>> user haproxy
>> group haproxy
>> daemon
>> nbthread 4
>> ssl-server-verify none
>>
>> tune.ssl.default-dh-param 2048
>>
>>
>>
>> #---------------------------------------------------------------------
>> # common defaults that all the 'listen' and 'backend' sections will
>> # use if not designated in their block
>> #---------------------------------------------------------------------
>> defaults
>>
>> log global
>> mode http
>> option dontlognull
>> rate-limit sessions 6000
>> timeout connect 300000 # default 10 second time out if a backend
>> is not found
>
> The comment is not true.
>
> The current timeout is 300s
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-232.4&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=0go0CAnboRAg0FIQf1rqTaUbPxDeuEfStrtb0ul5Z4k&e=
>
>> timeout client 6600000
>> timeout server 6600000
> This is 110m ~ 1.8 hours
>
>> option http-server-close
>> maxconn 20000
>> retries 3
>>
>>
>> listen http_proxy-1000
>> bind *:1000
>> mode http
>> option httplog
>> http-request set-uri
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=Enzg1AulwX2G4bls9I-eiwsFm-vC1gYMGz0GPEpR89o&e=
>> option http_proxy
>> #---------------------------------------------------------------------
>
> I miss here the server line.
>
>> I also tried :
>>
>> listen http_proxy-1000
>> bind *:1000 ssl crt certs.pem
>> mode http
>> option httplog
>> http-request set-uri
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=Enzg1AulwX2G4bls9I-eiwsFm-vC1gYMGz0GPEpR89o&e=
>> option http_proxy
> Same here.
>
> I tried also both configs and have the same result '<NOSRV>' as you
> have.
>
> Your line
>>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0
>>> "GET
> /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>>
>
> My Test
> ###
> May 8 22:52:54 app001 haproxy[5141]: Proxy http_proxy-1000 started.
> May 8 22:52:59 app001 haproxy[5141]: 127.0.0.1:52046
> [08/May/2018:22:52:59.177] http_proxy-1000
> http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0
> "GET
> /test/test.txt?Host=www.google.com:80 HTTP/1.1"
> ###
>
> I think that the you need at least ONE server line.
>
> I assume you want to set the destination server dynamically based on
> the query parameter
> 'Host|idnsredirHost|redirHost', it's not clear which parameter you
> want, as Shawn mentioned.
>
> Maybe you can take a look into the following links.
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__discourse.haproxy.org_t_dynamic-2Dserver-2Dselection_149_2&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=ZRhHfBHC6Uu00ktMxf4fzTwMqKN7YQPjlrES6mBRDA0&e=
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.egnyte.com_blog_2017_04_dynamic-2Dbackends-2Din-2Dhaproxy-2Dwith-2Dlua_&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=YcEYgyPUHsGsau3PttfPLca26yyBLqDGv3onjyiBVtY&e=
>
> Is this what you need?
>
>>> HAProxy Version :
>>
>> //opt/app/haproxy/sbin/haproxy -vv
>> HA-Proxy version 1.8.4-1deb90d 2018/02/08
>
> [snipp]
>
>>> Was the acl below helpfull?
>> Yes and also wanted to know if there is a way to print o/p of :
>> hdr_beg(host) for debug purposes
>
> You can capture the host header the captured one will be displayed in
> the logs.
> I don't think that you only can get the result of `hdr_beg(host)`
> easily, maybe I'm wrong.
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-234.2-2Dcapture-2520request-2520header&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=3h2iuYZHv2LKLc2sQwlp4kKRyksmDOdijU7C9fLnI7c&e=
>
> Config:
>
> ```
> capture request header Host len 15
> ```
>
> ```
> [email protected]:~$ curl -v
> 'http://localhost:1000/test/test.txt?Host=www.google.com:80'
> * Trying 127.0.0.1...
> * Connected to localhost (127.0.0.1) port 1000 (#0)
>> GET /test/test.txt?Host=www.google.com:80 HTTP/1.1
>> Host: localhost:1000
>> User-Agent: curl/7.47.0
>> Accept: */*
>>
> * HTTP 1.0, assume close after body
> < HTTP/1.0 400 Bad request
> < Cache-Control: no-cache
> < Connection: close
> < Content-Type: text/html
> <
> <html><body><h1>400 Bad request</h1>
> Your browser sent an invalid request.
> </body></html>
> * Closing connection 0
>
> [email protected]:~$ fg
> sudo tail -f /var/log/haproxy.log
> May 8 23:37:54 app001 haproxy[8804]: Proxy http_proxy-1000 started.
> May 8 23:37:58 app001 haproxy[8804]: 127.0.0.1:35988
> [08/May/2018:23:37:58.074] http_proxy-1000
> http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0
> {localhost:1000} "GET
> /test/test.txt?Host=www.google.com:80 HTTP/1.1"
> ```
>
> Best regards
>
> Aleks
>
>> Thanks,
>> Praveen.
>>
>> -----Original Message-----
>> From: Aleksandar Lazic [mailto:[email protected]]
>> Sent: Tuesday, May 08, 2018 7:40 AM
>> To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy@formilux.org
>> Subject: Re: 502 Bad Gateway
>>
>> Hi.
>>
>> Please post only to the mailing list, thanks.
>> Please keep the mailinglist in the mail loop => "Answer all".
>>
>> Am 08.05.2018 um 07:25 schrieb UPPALAPATI, PRAVEEN:
>>> Hi Haproxy-Team,
>>>
>>> I have the following configuration:
>>>
>>> listen http_proxy-1000
>>> bind *:1000
>>> mode http
>>> option httplog
>>> http-request set-uri
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
>>> option http_proxy
>>
>> This isn't the whole config, isn't it?
>>
>> The 'url_param' does not match the request below, afais.
>>
>> Please can you answer the following questions.
>>
>> Which HAProxy Version do you use?
>> What's the whole HAProxy config?
>> Was the acl below helpfull?
>>
>> Regards
>> Aleks
>>
>>> If I issue a request to that port :
>>>
>>> https://<haproxyHost>:1000
>>> /test/test.txt?Host=<desthost>:8093
>>>
>>> I get <BadReq>
>>>
>>> If I add ssl termination to the config:
>>>
>>> listen http_proxy-1000
>>> bind *:1000 ssl test.pem
>>> mode http
>>> option httplog
>>> http-request set-uri
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
>>> option http_proxy
>>>
>>>
>>> I get :
>>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0
>>> "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>>
>>> I have also set :
>>>
>>> ssl-server-verify none
>>>
>>> @global still no luck.
>>>
>>> Let me know if I am missing anything .
>>>
>>> Thanks,
>>> Praveen.
>>>
>>>
>>> -----Original Message-----
>>> From: Aleksandar Lazic [mailto:[email protected]]
>>> Sent: Tuesday, May 01, 2018 7:22 AM
>>> To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]>
>>> Cc: Olivier Houchard <[email protected]>; haproxy@formilux.org
>>> Subject: Re: Logging Question
>>>
>>> Hi.
>>>
>>> Am 30.04.2018 um 19:05 schrieb UPPALAPATI, PRAVEEN:
>>>>
>>>> Hi Willy/Oliver,
>>>>
>>>> One small question:
>>>>
>>>> When I capture the header it's returning xxxx.com in the log but
>>>> when I perform Get on xxxx.com:1000 it is not matching the following
>>>> configuration.
>>>>
>>>> frontend http-1000
>>>> bind *:1000
>>>> option httplog
>>>> capture request header Host len 20
>>>> acl is_east hdr(host) -i xxxx.com
>>>
>>> Maybe this helps?
>>>
>>> acl is_east hdr_beg(host) -i xxxx.com
>>>
>>>> use_backend east_bk_1000_read if is_east
>>>>
>>>> My question is how can I print o/p of hdr(host) & is_east to log?
>>>>
>>>> Appreciate your help.
>>>>
>>>> Thanks,
>>>> Praveen.
>>>
>>> Regards
>>> Aleks
>>>
>>
UPPALAPATI, PRAVEEN
RE: 502 Bad Gateway
May 15, 2018 04:40PM
Hi Alek/Haproxy Team,

Any other way to effectively get the https proxy working ?

Currently we are manually adding servers which is putting a limit to get the dynamic nature.

Thanks,
Praveen.

-----Original Message-----
From: Aleksandar Lazic [mailto:[email protected]]
Sent: Wednesday, May 09, 2018 6:38 AM
To: UPPALAPATI, PRAVEEN <[email protected]>
Cc: haproxy@formilux.org; SIVANANDHAM, THANIGAIVEL <[email protected]>
Subject: Re: 502 Bad Gateway

Hi Praveen.

Am 09-05-2018 00:25, schrieb UPPALAPATI, PRAVEEN:
> Hi Aleks,
>
> Thanks for the info.
>
> Some of the default config we corrected in the prod.
>
> Let me clarify you on whatz working and whatz not working for us with
> option http-proxy
>
> Config:
>
> listen http_proxy-1000
> bind *:1000
> mode http
> option httplog
> http-request set-uri
> https://urldefense.proofpoint.com/v2/url?u=http-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwICaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=p29xLcYDASs3x4Jull7dRenJ5n83VByMzJgUh-as5KE&s=A446uw28K_ENq4r6wM0I8IP1BmfA-kIvREkV-nAa80g&e=
> option http_proxy
>
> reqUrl :
> http://<haproxyhost>:1000/test/health.txt?redirHost:<destinationServer>:<port>;
>
> this gets converted to:
>
> http://
> <destinationServer>:<port>/test/health.txt?redirHost:<destinationServer>:<port>

With blank or without blank?

> This config in the log still says <noserv> but option http_proxy will
> route to the updated url and I get 200 OK
>
> this is our intended behavior and works fine

Cool. Then is the '<NOSRV>' a little bit misleading, at least for me.

> What's not working for us is if we have to do this for https
>
> listen http_proxy-1000
> bind *:1000 ssl test.pem
> mode http
> option httplog
> http-request set-uri
> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwICaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=p29xLcYDASs3x4Jull7dRenJ5n83VByMzJgUh-as5KE&s=BUzhtM4LAJ_Y8KSJiDEnYdiaFjSV3706amy-DEw693s&e=
> option http_proxy
>
> Hope this helps.

Yes.

In the doc is only the 'http://' schema mentioned, I'm not sure if https
should work.
https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-234-2Doption-2520http-5Fproxy&d=DwICaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=p29xLcYDASs3x4Jull7dRenJ5n83VByMzJgUh-as5KE&s=LJalrOltyqxtwsl8VWJF1vWhID6jTOLuPQRgiJW37Qw&e=

Sorry for the rush but I can't answer this question.

> Thanks,
> Praveen.

Best regards
Aleks

> -----Original Message-----
> From: Aleksandar Lazic [mailto:[email protected]]
> Sent: Tuesday, May 08, 2018 4:55 PM
> To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy@formilux.org
> Subject: 502 Bad Gateway
>
> Hi.
>
> Looks like there is some confusion about your question.
> Let me try to summarize what I think that you could mean.
>
> Am 08.05.2018 um 16:22 schrieb UPPALAPATI, PRAVEEN:
>> Hi Aleks,
>>
>> Sorry I missed the group.
>>
>> My Full Config:
>>
>> #---------------------------------------------------------------------
>> # Example configuration for a possible web application. See the
>> # full configuration options online.
>> #
>> #
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__haproxy.1wt.eu_download_1.3_doc_configuration.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=C4BCJfT0RK1be2KQmPIHso7q5thkyKsIk1ouBDtjtaE&e=
>
> This should be
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.haproxy.org_download_1.8_doc_configuration.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=q4U8esi96_sOL0XvcAS53n77UDq1oCz3zVhsj6sPHVQ&e=
> or
> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=mVj1QMb_Ass1oDZB-LXh4cJl_3_UTYoRPxNsxQncTNY&e=
>
>> #---------------------------------------------------------------------
>>
>> #---------------------------------------------------------------------
>> # Global settings
>> #---------------------------------------------------------------------
>> global
>> log 127.0.0.1:514 local0 info alert
>> log 127.0.0.1:514 local2 info alert
>> maxconn 20000
>> user haproxy
>> group haproxy
>> daemon
>> nbthread 4
>> ssl-server-verify none
>>
>> tune.ssl.default-dh-param 2048
>>
>>
>>
>> #---------------------------------------------------------------------
>> # common defaults that all the 'listen' and 'backend' sections will
>> # use if not designated in their block
>> #---------------------------------------------------------------------
>> defaults
>>
>> log global
>> mode http
>> option dontlognull
>> rate-limit sessions 6000
>> timeout connect 300000 # default 10 second time out if a backend
>> is not found
>
> The comment is not true.
>
> The current timeout is 300s
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-232.4&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=0go0CAnboRAg0FIQf1rqTaUbPxDeuEfStrtb0ul5Z4k&e=
>
>> timeout client 6600000
>> timeout server 6600000
> This is 110m ~ 1.8 hours
>
>> option http-server-close
>> maxconn 20000
>> retries 3
>>
>>
>> listen http_proxy-1000
>> bind *:1000
>> mode http
>> option httplog
>> http-request set-uri
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=Enzg1AulwX2G4bls9I-eiwsFm-vC1gYMGz0GPEpR89o&e=
>> option http_proxy
>> #---------------------------------------------------------------------
>
> I miss here the server line.
>
>> I also tried :
>>
>> listen http_proxy-1000
>> bind *:1000 ssl crt certs.pem
>> mode http
>> option httplog
>> http-request set-uri
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=Enzg1AulwX2G4bls9I-eiwsFm-vC1gYMGz0GPEpR89o&e=
>> option http_proxy
> Same here.
>
> I tried also both configs and have the same result '<NOSRV>' as you
> have.
>
> Your line
>>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0
>>> "GET
> /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>>
>
> My Test
> ###
> May 8 22:52:54 app001 haproxy[5141]: Proxy http_proxy-1000 started.
> May 8 22:52:59 app001 haproxy[5141]: 127.0.0.1:52046
> [08/May/2018:22:52:59.177] http_proxy-1000
> http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0
> "GET
> /test/test.txt?Host=www.google.com:80 HTTP/1.1"
> ###
>
> I think that the you need at least ONE server line.
>
> I assume you want to set the destination server dynamically based on
> the query parameter
> 'Host|idnsredirHost|redirHost', it's not clear which parameter you
> want, as Shawn mentioned.
>
> Maybe you can take a look into the following links.
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__discourse.haproxy.org_t_dynamic-2Dserver-2Dselection_149_2&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=ZRhHfBHC6Uu00ktMxf4fzTwMqKN7YQPjlrES6mBRDA0&e=
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.egnyte.com_blog_2017_04_dynamic-2Dbackends-2Din-2Dhaproxy-2Dwith-2Dlua_&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=YcEYgyPUHsGsau3PttfPLca26yyBLqDGv3onjyiBVtY&e=
>
> Is this what you need?
>
>>> HAProxy Version :
>>
>> //opt/app/haproxy/sbin/haproxy -vv
>> HA-Proxy version 1.8.4-1deb90d 2018/02/08
>
> [snipp]
>
>>> Was the acl below helpfull?
>> Yes and also wanted to know if there is a way to print o/p of :
>> hdr_beg(host) for debug purposes
>
> You can capture the host header the captured one will be displayed in
> the logs.
> I don't think that you only can get the result of `hdr_beg(host)`
> easily, maybe I'm wrong.
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-234.2-2Dcapture-2520request-2520header&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=3h2iuYZHv2LKLc2sQwlp4kKRyksmDOdijU7C9fLnI7c&e=
>
> Config:
>
> ```
> capture request header Host len 15
> ```
>
> ```
> [email protected]:~$ curl -v
> 'http://localhost:1000/test/test.txt?Host=www.google.com:80'
> * Trying 127.0.0.1...
> * Connected to localhost (127.0.0.1) port 1000 (#0)
>> GET /test/test.txt?Host=www.google.com:80 HTTP/1.1
>> Host: localhost:1000
>> User-Agent: curl/7.47.0
>> Accept: */*
>>
> * HTTP 1.0, assume close after body
> < HTTP/1.0 400 Bad request
> < Cache-Control: no-cache
> <Connection:close> < Content-Type: text/html
> <
> <html><body><h1>400 Bad request</h1>
> Your browser sent an invalid request.
> </body></html>
> * Closing connection 0
>
> [email protected]:~$ fg
> sudo tail -f /var/log/haproxy.log
> May 8 23:37:54 app001 haproxy[8804]: Proxy http_proxy-1000 started.
> May 8 23:37:58 app001 haproxy[8804]: 127.0.0.1:35988
> [08/May/2018:23:37:58.074] http_proxy-1000
> http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0
> {localhost:1000} "GET
> /test/test.txt?Host=www.google.com:80 HTTP/1.1"
> ```
>
> Best regards
>
> Aleks
>
>> Thanks,
>> Praveen.
>>
>> -----Original Message-----
>> From: Aleksandar Lazic [mailto:[email protected]]
>> Sent: Tuesday, May 08, 2018 7:40 AM
>> To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy@formilux.org
>> Subject: Re: 502 Bad Gateway
>>
>> Hi.
>>
>> Please post only to the mailing list, thanks.
>> Please keep the mailinglist in the mail loop => "Answer all".
>>
>> Am 08.05.2018 um 07:25 schrieb UPPALAPATI, PRAVEEN:
>>> Hi Haproxy-Team,
>>>
>>> I have the following configuration:
>>>
>>> listen http_proxy-1000
>>> bind *:1000
>>> mode http
>>> option httplog
>>> http-request set-uri
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
>>> option http_proxy
>>
>> This isn't the whole config, isn't it?
>>
>> The 'url_param' does not match the request below, afais.
>>
>> Please can you answer the following questions.
>>
>> Which HAProxy Version do you use?
>> What's the whole HAProxy config?
>> Was the acl below helpfull?
>>
>> Regards
>> Aleks
>>
>>> If I issue a request to that port :
>>>
>>> https://<haproxyHost>:1000
>>> /test/test.txt?Host=<desthost>:8093
>>>
>>> I get <BadReq>
>>>
>>> If I add ssl termination to the config:
>>>
>>> listen http_proxy-1000
>>> bind *:1000 ssl test.pem
>>> mode http
>>> option httplog
>>> http-request set-uri
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
>>> option http_proxy
>>>
>>>
>>> I get :
>>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0
>>> "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>>
>>> I have also set :
>>>
>>> ssl-server-verify none
>>>
>>> @global still no luck.
>>>
>>> Let me know if I am missing anything .
>>>
>>> Thanks,
>>> Praveen.
>>>
>>>
>>> -----Original Message-----
>>> From: Aleksandar Lazic [mailto:[email protected]]
>>> Sent: Tuesday, May 01, 2018 7:22 AM
>>> To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]>
>>> Cc: Olivier Houchard <[email protected]>; haproxy@formilux.org
>>> Subject: Re: Logging Question
>>>
>>> Hi.
>>>
>>> Am 30.04.2018 um 19:05 schrieb UPPALAPATI, PRAVEEN:
>>>>
>>>> Hi Willy/Oliver,
>>>>
>>>> One small question:
>>>>
>>>> When I capture the header it's returning xxxx.com in the log but
>>>> when I perform Get on xxxx.com:1000 it is not matching the following
>>>> configuration.
>>>>
>>>> frontend http-1000
>>>> bind *:1000
>>>> option httplog
>>>> capture request header Host len 20
>>>> acl is_east hdr(host) -i xxxx.com
>>>
>>> Maybe this helps?
>>>
>>> acl is_east hdr_beg(host) -i xxxx.com
>>>
>>>> use_backend east_bk_1000_read if is_east
>>>>
>>>> My question is how can I print o/p of hdr(host) & is_east to log?
>>>>
>>>> Appreciate your help.
>>>>
>>>> Thanks,
>>>> Praveen.
>>>
>>> Regards
>>> Aleks
>>>
>>
Aleksandar Lazic
Re: 502 Bad Gateway
May 15, 2018 06:50PM
Hi Praveen.

Am 15.05.2018 um 16:28 schrieb UPPALAPATI, PRAVEEN:
> Hi Alek/Haproxy Team,
>
> Any other way to effectively get the https proxy working ?
>
> Currently we are manually adding servers which is putting a limit to get the dynamic nature.

Not with haproxy out of the box afaik, maybe you can use some lua-scripts..

> Thanks,
> Praveen.

Regards
Aleks

> -----Original Message-----
> From: Aleksandar Lazic [mailto:[email protected]]
> Sent: Wednesday, May 09, 2018 6:38 AM
> To: UPPALAPATI, PRAVEEN <[email protected]>
> Cc: haproxy@formilux.org; SIVANANDHAM, THANIGAIVEL <[email protected]>
> Subject: Re: 502 Bad Gateway
>
> Hi Praveen.
>
> Am 09-05-2018 00:25, schrieb UPPALAPATI, PRAVEEN:
>> Hi Aleks,
>>
>> Thanks for the info.
>>
>> Some of the default config we corrected in the prod.
>>
>> Let me clarify you on whatz working and whatz not working for us with
>> option http-proxy
>>
>> Config:
>>
>> listen http_proxy-1000
>> bind *:1000
>> mode http
>> option httplog
>> http-request set-uri
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwICaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=p29xLcYDASs3x4Jull7dRenJ5n83VByMzJgUh-as5KE&s=A446uw28K_ENq4r6wM0I8IP1BmfA-kIvREkV-nAa80g&e=
>> option http_proxy
>>
>> reqUrl :
>> http://<haproxyhost>:1000/test/health.txt?redirHost:<destinationServer>:<port>;
>>
>> this gets converted to:
>>
>> http://
>> <destinationServer>:<port>/test/health.txt?redirHost:<destinationServer>:<port>
>
> With blank or without blank?
>
>> This config in the log still says <noserv> but option http_proxy will
>> route to the updated url and I get 200 OK
>>
>> this is our intended behavior and works fine
>
> Cool. Then is the '<NOSRV>' a little bit misleading, at least for me.
>
>> What's not working for us is if we have to do this for https
>>
>> listen http_proxy-1000
>> bind *:1000 ssl test.pem
>> mode http
>> option httplog
>> http-request set-uri
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwICaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=p29xLcYDASs3x4Jull7dRenJ5n83VByMzJgUh-as5KE&s=BUzhtM4LAJ_Y8KSJiDEnYdiaFjSV3706amy-DEw693s&e=
>> option http_proxy
>>
>> Hope this helps.
>
> Yes.
>
> In the doc is only the 'http://' schema mentioned, I'm not sure if https
> should work.
> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-234-2Doption-2520http-5Fproxy&d=DwICaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=p29xLcYDASs3x4Jull7dRenJ5n83VByMzJgUh-as5KE&s=LJalrOltyqxtwsl8VWJF1vWhID6jTOLuPQRgiJW37Qw&e=
>
> Sorry for the rush but I can't answer this question.
>
>> Thanks,
>> Praveen.
>
> Best regards
> Aleks
>
>> -----Original Message-----
>> From: Aleksandar Lazic [mailto:[email protected]]
>> Sent: Tuesday, May 08, 2018 4:55 PM
>> To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy@formilux.org
>> Subject: 502 Bad Gateway
>>
>> Hi.
>>
>> Looks like there is some confusion about your question.
>> Let me try to summarize what I think that you could mean.
>>
>> Am 08.05.2018 um 16:22 schrieb UPPALAPATI, PRAVEEN:
>>> Hi Aleks,
>>>
>>> Sorry I missed the group.
>>>
>>> My Full Config:
>>>
>>> #---------------------------------------------------------------------
>>> # Example configuration for a possible web application. See the
>>> # full configuration options online.
>>> #
>>> #
>>> https://urldefense.proofpoint.com/v2/url?u=http-3A__haproxy.1wt.eu_download_1.3_doc_configuration.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=C4BCJfT0RK1be2KQmPIHso7q5thkyKsIk1ouBDtjtaE&e=
>>
>> This should be
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.haproxy.org_download_1.8_doc_configuration.txt&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=q4U8esi96_sOL0XvcAS53n77UDq1oCz3zVhsj6sPHVQ&e=
>> or
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=mVj1QMb_Ass1oDZB-LXh4cJl_3_UTYoRPxNsxQncTNY&e=
>>
>>> #---------------------------------------------------------------------
>>>
>>> #---------------------------------------------------------------------
>>> # Global settings
>>> #---------------------------------------------------------------------
>>> global
>>> log 127.0.0.1:514 local0 info alert
>>> log 127.0.0.1:514 local2 info alert
>>> maxconn 20000
>>> user haproxy
>>> group haproxy
>>> daemon
>>> nbthread 4
>>> ssl-server-verify none
>>>
>>> tune.ssl.default-dh-param 2048
>>>
>>>
>>>
>>> #---------------------------------------------------------------------
>>> # common defaults that all the 'listen' and 'backend' sections will
>>> # use if not designated in their block
>>> #---------------------------------------------------------------------
>>> defaults
>>>
>>> log global
>>> mode http
>>> option dontlognull
>>> rate-limit sessions 6000
>>> timeout connect 300000 # default 10 second time out if a backend
>>> is not found
>>
>> The comment is not true.
>>
>> The current timeout is 300s
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-232.4&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=0go0CAnboRAg0FIQf1rqTaUbPxDeuEfStrtb0ul5Z4k&e=
>>
>>> timeout client 6600000
>>> timeout server 6600000
>> This is 110m ~ 1.8 hours
>>
>>> option http-server-close
>>> maxconn 20000
>>> retries 3
>>>
>>>
>>> listen http_proxy-1000
>>> bind *:1000
>>> mode http
>>> option httplog
>>> http-request set-uri
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=Enzg1AulwX2G4bls9I-eiwsFm-vC1gYMGz0GPEpR89o&e=
>>> option http_proxy
>>> #---------------------------------------------------------------------
>>
>> I miss here the server line.
>>
>>> I also tried :
>>>
>>> listen http_proxy-1000
>>> bind *:1000 ssl crt certs.pem
>>> mode http
>>> option httplog
>>> http-request set-uri
>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=Enzg1AulwX2G4bls9I-eiwsFm-vC1gYMGz0GPEpR89o&e=
>>> option http_proxy
>> Same here.
>>
>> I tried also both configs and have the same result '<NOSRV>' as you
>> have.
>>
>> Your line
>>>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0
>>>> "GET
>> /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>>>
>>
>> My Test
>> ###
>> May 8 22:52:54 app001 haproxy[5141]: Proxy http_proxy-1000 started.
>> May 8 22:52:59 app001 haproxy[5141]: 127.0.0.1:52046
>> [08/May/2018:22:52:59.177] http_proxy-1000
>> http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0
>> "GET
>> /test/test.txt?Host=www.google.com:80 HTTP/1.1"
>> ###
>>
>> I think that the you need at least ONE server line.
>>
>> I assume you want to set the destination server dynamically based on
>> the query parameter
>> 'Host|idnsredirHost|redirHost', it's not clear which parameter you
>> want, as Shawn mentioned.
>>
>> Maybe you can take a look into the following links.
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__discourse.haproxy.org_t_dynamic-2Dserver-2Dselection_149_2&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=ZRhHfBHC6Uu00ktMxf4fzTwMqKN7YQPjlrES6mBRDA0&e=
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.egnyte.com_blog_2017_04_dynamic-2Dbackends-2Din-2Dhaproxy-2Dwith-2Dlua_&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=YcEYgyPUHsGsau3PttfPLca26yyBLqDGv3onjyiBVtY&e=
>>
>> Is this what you need?
>>
>>>> HAProxy Version :
>>>
>>> //opt/app/haproxy/sbin/haproxy -vv
>>> HA-Proxy version 1.8.4-1deb90d 2018/02/08
>>
>> [snipp]
>>
>>>> Was the acl below helpfull?
>>> Yes and also wanted to know if there is a way to print o/p of :
>>> hdr_beg(host) for debug purposes
>>
>> You can capture the host header the captured one will be displayed in
>> the logs.
>> I don't think that you only can get the result of `hdr_beg(host)`
>> easily, maybe I'm wrong.
>>
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__cbonte.github.io_haproxy-2Ddconv_1.8_configuration.html-234.2-2Dcapture-2520request-2520header&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=z6c842RukY_SP9qpAA7lFdR032fMh2Ko1cj5mxqeLPI&s=3h2iuYZHv2LKLc2sQwlp4kKRyksmDOdijU7C9fLnI7c&e=
>>
>> Config:
>>
>> ```
>> capture request header Host len 15
>> ```
>>
>> ```
>> [email protected]:~$ curl -v
>> 'http://localhost:1000/test/test.txt?Host=www.google.com:80'
>> * Trying 127.0.0.1...
>> * Connected to localhost (127.0.0.1) port 1000 (#0)
>>> GET /test/test.txt?Host=www.google.com:80 HTTP/1.1
>>> Host: localhost:1000
>>> User-Agent: curl/7.47.0
>>> Accept: */*
>>>
>> * HTTP 1.0, assume close after body
>> < HTTP/1.0 400 Bad request
>> < Cache-Control: no-cache
>> <Connection:close> < Content-Type: text/html
>> <
>> <html><body><h1>400 Bad request</h1>
>> Your browser sent an invalid request.
>> </body></html>
>> * Closing connection 0
>>
>> [email protected]:~$ fg
>> sudo tail -f /var/log/haproxy.log
>> May 8 23:37:54 app001 haproxy[8804]: Proxy http_proxy-1000 started.
>> May 8 23:37:58 app001 haproxy[8804]: 127.0.0.1:35988
>> [08/May/2018:23:37:58.074] http_proxy-1000
>> http_proxy-1000/<NOSRV> -1/-1/-1/-1/0 400 187 - - PR-- 1/1/0/0/3 0/0
>> {localhost:1000} "GET
>> /test/test.txt?Host=www.google.com:80 HTTP/1.1"
>> ```
>>
>> Best regards
>>
>> Aleks
>>
>>> Thanks,
>>> Praveen.
>>>
>>> -----Original Message-----
>>> From: Aleksandar Lazic [mailto:[email protected]]
>>> Sent: Tuesday, May 08, 2018 7:40 AM
>>> To: UPPALAPATI, PRAVEEN <[email protected]>; haproxy@formilux.org
>>> Subject: Re: 502 Bad Gateway
>>>
>>> Hi.
>>>
>>> Please post only to the mailing list, thanks.
>>> Please keep the mailinglist in the mail loop => "Answer all".
>>>
>>> Am 08.05.2018 um 07:25 schrieb UPPALAPATI, PRAVEEN:
>>>> Hi Haproxy-Team,
>>>>
>>>> I have the following configuration:
>>>>
>>>> listen http_proxy-1000
>>>> bind *:1000
>>>> mode http
>>>> option httplog
>>>> http-request set-uri
>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
>>>> option http_proxy
>>>
>>> This isn't the whole config, isn't it?
>>>
>>> The 'url_param' does not match the request below, afais.
>>>
>>> Please can you answer the following questions.
>>>
>>> Which HAProxy Version do you use?
>>> What's the whole HAProxy config?
>>> Was the acl below helpfull?
>>>
>>> Regards
>>> Aleks
>>>
>>>> If I issue a request to that port :
>>>>
>>>> https://<haproxyHost>:1000
>>>> /test/test.txt?Host=<desthost>:8093
>>>>
>>>> I get <BadReq>
>>>>
>>>> If I add ssl termination to the config:
>>>>
>>>> listen http_proxy-1000
>>>> bind *:1000 ssl test.pem
>>>> mode http
>>>> option httplog
>>>> http-request set-uri
>>>> https://urldefense.proofpoint.com/v2/url?u=https-3A__-25-5Burl-5Fparam-28redirHost-29-5D-25-5Bcapture.req.uri-5D&d=DwIFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=V0kSKiLhQKpOQLIjj3-g9Q&m=t6xdq_k-rDqDEV6GmhRRj82gitY4t9bgda30YThyHHs&s=6xIYqpeCV09krEHS_i6n3zf7hYuKGEadSHB9ny25O7g&e=
>>>> option http_proxy
>>>>
>>>>
>>>> I get :
>>>> http-9876~ bk_9876/<NOSRV> 0/0/1/-1/2 502 211 - - PH-- 1/1/0/0/0 0/0
>>>> "GET /test/test.txt?idnsredirHost=<destinationhost>:5300 HTTP/1.1"
>>>>
>>>> I have also set :
>>>>
>>>> ssl-server-verify none
>>>>
>>>> @global still no luck.
>>>>
>>>> Let me know if I am missing anything .
>>>>
>>>> Thanks,
>>>> Praveen.
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Aleksandar Lazic [mailto:[email protected]]
>>>> Sent: Tuesday, May 01, 2018 7:22 AM
>>>> To: UPPALAPATI, PRAVEEN <[email protected]>; Willy Tarreau <[email protected]>
>>>> Cc: Olivier Houchard <[email protected]>; haproxy@formilux.org
>>>> Subject: Re: Logging Question
>>>>
>>>> Hi.
>>>>
>>>> Am 30.04.2018 um 19:05 schrieb UPPALAPATI, PRAVEEN:
>>>>>
>>>>> Hi Willy/Oliver,
>>>>>
>>>>> One small question:
>>>>>
>>>>> When I capture the header it's returning xxxx.com in the log but
>>>>> when I perform Get on xxxx.com:1000 it is not matching the following
>>>>> configuration.
>>>>>
>>>>> frontend http-1000
>>>>> bind *:1000
>>>>> option httplog
>>>>> capture request header Host len 20
>>>>> acl is_east hdr(host) -i xxxx.com
>>>>
>>>> Maybe this helps?
>>>>
>>>> acl is_east hdr_beg(host) -i xxxx.com
>>>>
>>>>> use_backend east_bk_1000_read if is_east
>>>>>
>>>>> My question is how can I print o/p of hdr(host) & is_east to log?
>>>>>
>>>>> Appreciate your help.
>>>>>
>>>>> Thanks,
>>>>> Praveen.
>>>>
>>>> Regards
>>>> Aleks
Sorry, only registered users may post in this forum.

Click here to login