Hi Michael, On Thu, Nov 24, 2016 at 1:14 AM, Michael Ezzell <[email protected]> wrote:
> On Nov 22, 2016 5:37 AM, "Jonathan Opperman" <[email protected]> wrote: > > > I want http://foo.bar.bin/blah.com to redirect to > http://foo-bar-bin.blah.com > > > > I want that last dash-domain to also redirect to SSL. > > The context of the rest of the message suggests that your first example > should have been a dot where you showed a slash, but perhaps not. Please > clarify, which are we talking about? > > This? > > my.site.example.net/example.com -> my-site-example-net.example com > This, is this do-able? It will be different domains, and different level sub domains but they will utimately end up with using *.example.com *.example2.com certificates that terminate on the haproxy server. http://my.site.example.com/example.com --> http://my-site.example.com http://my.other.site.example.com/example.com <http://my.site.example.com/example.com> --> http://my-other-site.example.com <http://my-site.example.com/> Or this? > > my.site.example.net.example.com -> my-site-example-net.example.com > > > The order is important. Browsers recently started doing their SSL check > BEFORE the redirects, so we are getting security warnings. > > Um. I don't think that's a new thing. It isn't possible to send a > request and get a redirect response before validating the SSL cert, and it > hasn't been... so unless I misunderstand, it's not exactly clear what you > are saying has changed. > > Obviously, though, you seem to be saying "don't send to https in one > redirect and expect to rewrite the hostname in the next." Sensible enough. > > If you're talking about just redirecting to a rewritten host with some > character replacement, that's accomplished easily enough in 1.6. > > > http-request redirect location https://%[hdr(host),regsub(\.e > xample\.com$,),regsub(\.,-,g)].example.com%[capture.req.uri] if { > hdr_reg(host) -i .+\..+\.example\.com$ } > > If the Host header matches the regex -- that is, if it ends with . > example.com and contains at least one literal "." previous to that, then > redirect to "https://"; + the original host header with .example.com > removed from the end, then the rest of the "." replaced with "-" + ". > example.com" + the captured request uri, which is path + query string. > > > $ > curl -v 'http://my.test.here.example.com/some/path?query=1&works=1' > > < HTTP/1.1 302 Found > < Location: https://my-test-here.example.com/some/path?query=1&works=1 > > This also has the desired behavior if the request is already https. > > On the other hand, if you actually needed something like this... > > > my.site.example.net/example.com -> my-site-example-net.example co > > m > > ...that is an odd use case, but it can be done... though more > information is needed about what should happen to the rest of the path and > whether there's more than one domain expected after the "/". > Thanks for this, i've tested and mine for some reason looks like the one you suggest on the other hand: * Rebuilt URL to: www.test.1.example.com/ * Trying x.x.x.x... * Connected to www.test.1.example.com (x.x.x.x) port 80 (#0) > GET / HTTP/1.1 > Host: www.test.1.example.com > User-Agent: curl/7.47.0 > Accept: */* > < HTTP/1.1 302 Found < Cache-Control: no-cache < Content-length: 0 < Location: https://www-test-1-example.com.example.com/ < Connection: close < * Closing connection 0 Thanks once again, appreciate the assistance. Regards, Jono
