I wanted to mention something I just setup at work. The just of this involves the need to support shortnames/searchdomains. This allows a user to type in "bugzilla/" in their browser instead of a FQDN i.e. "bugzilla.example.com". Of course, the DNS search domain of "example.com" must be configured (either manually or via DHCP).

Enter hdr_beg(host)

Using HAProxy, we can actually do one of three things relating to the host header (there are more, but these are the ones we care about):

  • hdr_beg(host) - Check the beginning of the host field in the HTTP header for a sting. i.e. www

  • hdr_end(host) - Look for a specific string which the host field ends with. i.e. example.com

  • hdr(host) - Compare the entire host field with a string. i.e. bugzilla.example.com

This tells us that we could just use hdr_beg(host) to search for "bugzilla" and respond with our backend, or redirect.

Intelligent Redirection

We generally always redirect permanently around the office. A standard 301 is simple and understood by virtually every HTTP client in existence.

So in HAProxy, under my http *:80 section, I would define a redirect line like this:

redirect location https://bugzilla.example.net code 301 if { hdr_beg(host) -i bugzilla } !{ ssl_fc }  

Basically, if the host field in the header [which is always what the user typed into their url bar, minus the uri (/cake.png)] begins with "bugzilla", then we redirect them to the secure port to continue accessing the site.

A few notes here:

  • You can't redirect on SSL listening ports if HAProxy isn't handling termination. If it is, this should be no problem :)

  • There are other forms of redirection in haproxy.

  • In HAProxy if statements, you can always define multiple cases to match against. See here for more.

Blog Logo

Mario Loria


Published

Image

./scriptthe.net

Because 127.0.0.1 gets old after a while.

Back to Overview