HAProxy redirect based on path?

Question

I need to redirect certain paths to https - frontend secured The reason for this is that i want certain parts of my web application to only be allowed to run over https.

I've figured out how to redirect all traffic by changing my HAproxy conf like this:

  frontend unsecured *:80
      #timeout     client 86400000
      #redirect    prefix http://domain.com code 301

      mode http
      timeout client 120s

But how can i configure it to only redirect certain sub-folder on my domain?

What i would like is to redirect only the following URLs:

http://domain.com/info
http://domain.com/echo
http://domain.com/broadcast
http://domain.com/close
http://domain.com/probe
http://domain.com/cd* (wildcard)

Is this possible?

Answer 1

You should use acl to match you criteria.

frontend unsecured *:80
    acl is-unsecure-path01 path_beg /info
    acl is-unsecure-path02 path_beg /echo
    acl is-unsecure-path03 path_beg /broadcast
    acl is-unsecure-path04 path_beg /close
    acl is-unsecure-path05 path_beg /probe
    acl is-unsecure-path06 path_beg /cd

    use_backend application-backend if is-unsecure-path01
    use_backend application-backend if is-unsecure-path02
    use_backend application-backend if is-unsecure-path03
    use_backend application-backend if is-unsecure-path04
    use_backend application-backend if is-unsecure-path05
    use_backend application-backend if is-unsecure-path06

backend application-backend
    redirect scheme https if !{ ssl_fc }

Answer 2

This one should do the trick

frontend http
    bind *:80
    acl is-secure path_reg ^\/(info|echo|close|cd.*)
    redirect scheme https code 301 if is-secure !{ ssl_fc }
    use_backend the-app unless is-secure

frontend https
    bind *:443 ssl crt /usr/local/etc/haproxy/ssl
    use_backend the-app

backend the-app
    server account-1 account:80 check

NOTE: Change the SSL cert path on your app.