
haproxy : http frontend to https backend

Tags:

haproxy

This is the exact same question as http request to https request using haproxy

However, the accepted answer does not work for me and I don't understand why.

haproxy.cfg:

global
  daemon
  maxconn 15

defaults
  mode tcp
  balance first

frontend google
  bind *:10005
  default_backend google-url

backend google-url
  server xxx google.com:443 ssl verify none

When I call curl --location --request GET 'http://localhost:10005', I receive a response that comes from google but with a 404 status

The requested URL / was not found on this server. That’s all we know.

I tried both mode tcp and mode http, same result

If I activate the logs with

  mode http
  bind *:10005
  default_backend google-url  
  option httplog
  log stdout format raw local0

I have this

  127.0.0.1:52588 [16/Jun/2022:08:24:49.976] google google-url/xxx 0/0/49/20/69 404 1884 - - ---- 2/2/0/0/0 0/0 "GET / HTTP/1.1"
  127.0.0.1:52588 [16/Jun/2022:08:24:49.938] google google/<NOSRV> -1/-1/-1/-1/1038 400 0 - - CR-- 2/2/0/0/0 0/0 "<BADREQ>"

In case this has some impact, I'm running haproxy in kubernetes and then I "port-forward" 10005 (but this does not seem to be the issue because the logs demonstrate that haproxy is correctly receiving the request and using the correct backend...)

Christophe Blin asked Mar 21 '26 04:03


1 Answer

Your current HAProxy configuration will accept your request:

curl --location --request GET 'http://localhost:10005' (corresponds to the first log entry)

and proxy it to Google as:

curl --location -H 'Host: localhost' --request GET 'https://www.google.com/' (note the Host header implied; I bet this is not what you'd expect).

Google will respond with 404 and HAProxy will log the BADREQ.

This happens because HAProxy can't infer that when the client request's Host header is localhost it should rewrite it to google.com (or better: www.google.com) simply because it proxies to a host with that name.

You need to configure:

backend google-url
  server xxx google.com:443 ssl verify none
  http-request set-header host www.google.com

Tasos P. answered Mar 24 '26 12:03
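
The following complete haproxy.cfg is an added example, not part of the question or the answer above. It combines the Host rewrite from the answer with backend certificate validation in place of `ssl verify none`, which encrypts the connection but does not authenticate the upstream. The CA bundle path (Debian/Ubuntu default) and the timeout values are assumptions; adjust them for your image.

```haproxy
global
  daemon
  maxconn 15

defaults
  # The Host rewrite below only works in HTTP mode; in tcp mode
  # HAProxy relays bytes and never parses the request headers.
  mode http
  balance first
  option httplog
  log stdout format raw local0
  # Illustrative timeouts (assumed values, not from the original post).
  timeout connect 5s
  timeout client  30s
  timeout server  30s

frontend google
  bind *:10005
  default_backend google-url

backend google-url
  # Replace the client's "Host: localhost" with the name the upstream serves.
  http-request set-header Host www.google.com

  # ssl             : speak TLS to the backend
  # sni str(...)    : send the server name in the TLS handshake
  # verify required : reject the backend if its certificate chain does not validate
  # verifyhost      : require the certificate to match this hostname
  # ca-file         : trust anchors used for validation (assumed path)
  server xxx www.google.com:443 ssl sni str(www.google.com) verify required verifyhost www.google.com ca-file /etc/ssl/certs/ca-certificates.crt
```

With `verify required`, a certificate that fails validation makes the TLS handshake to the backend fail, so the request is not forwarded to an unauthenticated upstream.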