Hi,

I just updated my haproxy to the current HEAD (08289f12f9a13ea06cf4a16a1211e82e003af218). I now have ACL issues: the hdr_dom matching seems to be ignored. This was working perfectly fine with the previous build I used (1bc4aab2902d732530ccbd098d30e519aab3abdd).

The configuration is quite simple and basic here. See attached. I should see the stats page from https://haproxy.xwing.info/, but... not anymore with this new build, and the request is passed to the backend.

Did I miss something?

Note: I have not yet started to bisect. I will do it later if it helps.

Thanks!

--
Guillaume Castagnino
ca...@xwing.info / guilla...@castagnino.org

global
    log 127.0.0.1 local0
    maxconn 2000
    user haproxy
    group haproxy
    daemon
    stats socket /var/run/haproxy.sock level admin mode 600
    stats timeout 1d
    #debug
    #quiet

defaults
    log global
    option dontlognull
    retries 3
    option redispatch
    option splice-auto
    maxconn 2000
    timeout connect 3s
    timeout client 5s
    timeout server 60s
    timeout queue 30s
    timeout tarpit 30s
    timeout http-request 3s

############
# Backends #
############

# all the vhosts are here
backend back-http
    balance roundrobin
    mode http
    option http-server-close
    option abortonclose
    option forwardfor header X-Client
    option httpchk HEAD /server-status HTTP/1.0
    cookie SERVERID insert nocache indirect
    server coruscant 127.0.0.1:8080 maxconn 100 cookie pool1 check inter 5000 rise 2 fall 2

# dev debian virtual machine
backend back-dev-debian
    balance roundrobin
    mode http
    option http-server-close
    option abortonclose
    option forwardfor header X-Client
    option httpchk HEAD / HTTP/1.0
    cookie SERVERID insert nocache indirect
    server dev-debian dev.castagnino.org:80 maxconn 50 cookie pool1 check inter 5000 rise 2 fall 2

backend back-stats
    mode http
    stats uri /
    stats auth XXXX:YYYY

#############
# Frontends #
#############

# the plain http frontend. Do content switching between dev backend and
# redirector backend
frontend front-webapp
    bind :::80
    mode http
    option httplog
    acl dev-debian-vhost hdr_dom(Host) -i dev.castagnino.org www.pirouette-et-compagnie.com fif-dev prestashop
    # ssl upgrade
    redirect scheme https code 301 unless dev-debian-vhost
    # switch backend
    use_backend back-dev-debian if dev-debian-vhost

# the https frontend
frontend front-webapp-ssl
    bind :::443 ssl crt /etc/ssl/startssl/haproxy/xwing.info.pem crt /etc/ssl/startssl/haproxy/ ecdhe prime256v1 ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
    mode http
    option httplog
    acl front-webapp-dead nbsrv(back-http) eq 0
    acl stats-vhost hdr_dom(Host) -i haproxy.xwing.info
    monitor-uri /status
    monitor fail if front-webapp-dead
    # prevent clickjacking
    rspadd X-Frame-Options:\ SAMEORIGIN
    # full https => do STS
    rspadd Strict-Transport-Security:\ max-age=31536000
    # switch backend
    use_backend back-stats if stats-vhost
    default_backend back-http

# vim: ft=haproxy