Redirect

HAProxy:阻止子域重定向到 https

  • October 23, 2014

編輯我的 haproxy 配置後。我所有的子域現在都重定向到 https。我只希望我的 domain.com 重定向到 https 而不是我的子域。我該如何阻止這個?下面是我的重定向腳本。

更新

global

 log /dev/log    local0
 log /dev/log    local1 notice
 chroot /var/lib/haproxy

 user haproxy
 group haproxy
 daemon

 ca-base /ssl
 crt-base /ssl

 ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

defaults

 log global
 mode http

 option  httplog
 option  redispatch
 option  forwardfor
 option  dontlognull
 option  http-server-close

 timeout connect 5s
 timeout client 30s
 timeout server 30s
 timeout tunnel 1h

frontend public-front

 bind *:80
 redirect scheme https if !{ ssl_fc }

 bind *:443 ssl crt domain.com.pem 
 use_backend some-back if { path_beg /somepath/ }

 default_backend default-back

backend some-back

 reqadd X-Forwarded-Proto:\ https
 balance leastconn
 option httpchk GET /somepath
 timeout check 500ms

 server some-back someback.domain.com:443 check-ssl ssl ca-file domain.com.pem inter 500ms

backend default-back

 reqadd X-Forwarded-Proto:\ https
 balance leastconn
 option httpchk GET
 timeout check 500ms

 server default-back 127.0.0.1:8080 check-ssl ssl ca-file domain.com.pem inter 500ms

frontend stats-front

 bind :8888 ssl crt domain.com.pem
 default_backend stats-back

backend stats-back

 stats enable
 stats hide-version
 stats realm Haproxy\ Statistics
 stats uri /statistics
 stats auth admin:password

我使用https://domain.com作為我的首頁,裸或沒有 www,這指向 haproxy

我將http://sub.domain.com用於其他事情,但在訪問首頁後會重定向到 https。

HA-Proxy 版本 1.5.4 2014/09/02

redirect scheme https if !{ ssl_fc }您的“公共前端”前端中刪除並將其替換為:

redirect scheme https if { hdr(Host) -i domain.com } !{ ssl_fc}
redirect scheme https if { hdr(Host) -i www.domain.com } !{ ssl_fc}

應該做你想做的。這些 URL 將重定向:

www.domain.com/

domain.com/

www.domain.com/someotherdirectory/

domain.com/thisisapage.html

這些不會:

www2.domain.com

sub.domain.com

www.sub.domain.com

引用自:https://serverfault.com/questions/638741