0

I am using haproxy in front of my web-server for ssl termination.

I am forwarding request on port 81 if request is https and 80 if request is normal http- 

backend b1_http
    mode http
    server bkend_server


backend b1_https
    mode http
    server bkend_server:81

Problem is, when haproxy sends request to back-end, it sends HTTP_HOST header as request.domain.com:81.

Is it possible in haproxy that I can send https request to back-end at specific port without appending the port in HTTP_HOST request header?

Improve this question

1 Answer 1

Reset to default
1

There are two issues, here.

First, there is no HTTP_HOST header. The header is Host:. It sounds like HTTP_HOST is something being generated internally by your web server or framework.

Second, HAProxy doesn't modify the Host: header just because your back-end is listening on a port other than 80. It doesn't actually modify the Host: header at all, unless explicit configured to, using a mechanism like reqirep ^Host: ... or http-request set-header host ....

You can confirm this with a packet capture. You should find that whatever HTTP_HOST is, the value is necessarily being generated internally on the back-end system itself, because it's not coming from HAProxy.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Thanks, you were correct. There is nothing like HTTP_HOST header sent by haproxy, it was internal.
But when the request is sent to some backend like bkend_server:123, the http request received at backend was abc.domain.com:123, [i understand it's standard convention (host:port) to send request] which earlier with elb was abc.domain.com, if backend port was 123 or any port. I wasn't doing any explicit configuration. What else can be the cause that it behaving in that way. =====. I've logged request in IIS under cs-host was like abc.domain.com:port when request was passed via haproxy and abc.domain.com when passed via elastic loadbalancer.
The browser should append the port to the hostname, but only when it is not :80 for http or not :443 for https. I have never seen ELB nor HAProxy autonomously append a port number, regardless of the actual back-end port. Was ELB hitting 81 just like HAProxy?
I was also surprised to see this behavior, i wasn't expecting it either. Both elb and haproxy are hitting 81 port, but request via haproxy hits IIS as ab.domain.com:81 and via ELB as 'abc.domain.com`
What version of HAProxy? What web server is on the back-end? What port is the front-end listening on (443 I assume)?
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.