Hello, On Mon, 2021-06-07 at 16:46 +0200, Artur wrote: > Hello, > > I'm currently running haproxy 2.4.0 and I can see something strange in > the way haproxy selects a backend for processing some requests. > > This is simplified frontend configuration that should select between > static and dynamic (websocket) content URIs based on path_beg. > > frontend wwws > bind 0.0.0.0:443 ssl crt /etc/haproxy/ssl/server.pem alpn > h2,http/1.1 > mode http > > acl is_static_prod31 path_beg /p31/ > acl is_dynamic_prod31 path_beg /n/p31/ > acl is_domain_name hdr(host) -i domain.name > > use_backend ws_be_prod31 if is_dynamic_prod31 is_domain_name > use_backend www_be_prod if is_static_prod31 is_domain_name > > default_backend www_be_prod > > What I can see in logs is that some requests are correctly processed and > redirected to dynamic backends (websockets servers) for processing : > > Jun 7 15:44:41 host haproxy[9384]: 1.2.3.4:56952 > [07/Jun/2021:15:43:31.926] wwws~ ws_be_prod31/s1 5/0/1/3/70015 101 421 - > - --VN 34/34/27/8/0 0/0 "GET https://domain.name/n/p31/socket.io/... > HTTP/2.0" > > While others are wrongly processed by the static web server : > > Jun 7 15:50:06 host haproxy[9384]: 1.2.3.4:61037 > [07/Jun/2021:15:50:06.157] wwws~ www_be_prod/web1 6/0/1/1/7 404 9318 - - > ---- 34/34/0/0/0 0/0 "GET https://domain.name:443/n/p31/socket.io/... > HTTP/2.0" > > However the only difference is the 443 port explicitly specified in the > later request. > I am not sure it's something specific to 2.4.0, but I've never seen it > before. > Is it an expected behaviour ? If so, how can I change my acls to correct > it ?
Does it work if you use hdr_dom(https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#7.3.6-req.hdr) for the host header acl: (acl is_domain_name hdr_dom(host) -i domain.name) (or some other match that ignores port in Host header). -Jarno -- Jarno Huuskonen