stats page redirecting to https

Wed, 20 Apr 2016 11:46:31 -0700 

I have this in my config:

listen stats 0.0.0.0:8080
        description The stats listener.
        stats uri /

Elsewhere in my config I have something that will redirect http requests
to the hostname spark.REDACTED.com over to https, which is not anything
unusual.  The IP address for this hostname is a VIP that is handled with
pacemaker.

The problem is that if I try to go to http://spark.REDACTED.com:8080/
... this is redirected to https://spark.REDACTED.com:8080/ ... and I get
this in the log:

Apr 20 12:26:54 localhost haproxy[6629]: 10.2.0.108:49435
[20/Apr/2016:12:26:54.617] stats stats/<NOSRV> -1/-1/-1/-1/0 400 187 - -
PR-- 3/0/0/0/1 0/0 "<BADREQ>"

The entire config for the listener is above -- no redirection.  There is
nothing else in the config or on the machine that listens on port 8080.

What have I done wrong?  I have another haproxy pair that doesn't do
this, running the same version with similar HTTPS redirects.  I don't
see any differences in the config that might cause this.

I can access the stats URL using the actual machine hostname, but if the
machine fails and pacemaker moves everything to the other machine, that
won't work.  I want to be able to give our staff a URL that will work
regardless of which machine in the load balancer pair is active.

Thanks,
Shawn


------------------

HA-Proxy version 1.5.12 2015/05/02
Copyright 2000-2015 Willy Tarreau <w...@1wt.eu>

Build options :
  TARGET  = linux2628
  CPU     = native
  CC      = gcc
  CFLAGS  = -O2 -march=native -g -fno-strict-aliasing
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.2a 19 Mar 2015
Running on OpenSSL version : OpenSSL 1.0.2a 19 Mar 2015
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.31 2012-07-06
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT
IPV6_TRANSPARENT IP_FREEBIND

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Linux lb3 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014
x86_64 x86_64 x86_64 GNU/Linux

Reply via email to