On 07/06/2021 at 17:22, Jarno Huuskonen wrote:
> Hello,
>
> On Mon, 2021-06-07 at 16:46 +0200, Artur wrote:
>> Hello,
>>
>> I'm currently running haproxy 2.4.0 and I can see something strange in
>> the way haproxy selects a backend for processing some requests.
>>
>> This is simplified frontend configuration that should select between
>> static and dynamic (websocket) content URIs based on path_beg.
>>
>> frontend wwws
>>         bind 0.0.0.0:443 ssl crt /etc/haproxy/ssl/server.pem alpn h2,http/1.1
>>         mode http
>>
>>         acl is_static_prod31    path_beg /p31/
>>         acl is_dynamic_prod31   path_beg /n/p31/
>>         acl is_domain_name hdr(host) -i domain.name
>>
>>         use_backend ws_be_prod31 if is_dynamic_prod31 is_domain_name
>>         use_backend www_be_prod  if is_static_prod31 is_domain_name
>>
>>         default_backend www_be_prod
>>
>> What I can see in logs is that some requests are correctly processed and
>> redirected to dynamic backends (websockets servers) for processing :
>>
>> Jun  7 15:44:41 host haproxy[9384]: 1.2.3.4:56952
>> [07/Jun/2021:15:43:31.926] wwws~ ws_be_prod31/s1 5/0/1/3/70015 101 421 -
>> - --VN 34/34/27/8/0 0/0 "GET https://domain.name/n/p31/socket.io/...
>> HTTP/2.0"
>>
>> While others are wrongly processed by the static web server :
>>
>> Jun  7 15:50:06 host haproxy[9384]: 1.2.3.4:61037
>> [07/Jun/2021:15:50:06.157] wwws~ www_be_prod/web1 6/0/1/1/7 404 9318 - -
>> ---- 34/34/0/0/0 0/0 "GET https://domain.name:443/n/p31/socket.io/...
>> HTTP/2.0"
>>
>> However the only difference is the 443 port explicitly specified in the
>> later request.
>> I am not sure it's something specific to 2.4.0, but I've never seen it
>> before.
>> Is it an expected behaviour ? If so, how can I change my acls to correct
>> it ?
> Does it work if you use hdr_dom
> (https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#7.3.6-req.hdr)
> for the host header acl:
> (acl is_domain_name hdr_dom(host) -i domain.name)
> (or some other match that ignores port in Host header).
>
> -Jarno

Yes, it seems to work fine now. Thank you. I realized the port number is
part of Host: header if explicitly specified in request.

However as in my setup (removed part) I also have to check for dev*
hostnames I would like to know the exact hdr_dom(host) behaviour.
With this example : acl acl1 hdr_dom(host) -i domain.name
1) Host: domain.name:443 -> acl1 matches
2) Host: dimain.name -> acl1 matches
3) Host: dev.domain.name:443 -> acl1 does not match
4) Host: dev.domain.name -> acl1 does not match

Am I right ? (I suppose I can also use hdr_beg(host) to check for the
beginning of the hostname)

-- 
Best regards,
Artur
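
An added example (not from this thread and not HAProxy code) that models in Python why an exact match on the raw Host value sends `domain.name:443` to the default backend, and how comparing only the host part fixes that while keeping `dev.domain.name` distinct. The function names are hypothetical; the backend names and path prefixes are the ones in the posted frontend.

```python
# Added example: a model of the ACL logic, not HAProxy code.
# Function names are hypothetical; backends and paths come from the posted frontend.

def host_only(host_header):
    """Lowercased host part of a Host header value, port removed."""
    value = host_header.strip().lower()
    if value.startswith("["):                  # IPv6 literal, e.g. [::1]:443
        end = value.find("]")
        if end == -1:
            raise ValueError("unterminated IPv6 literal")
        host, rest = value[:end + 1], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    # Anything after the host must be an optional ":<digits>" port.
    if rest and not (rest[0] == ":" and (rest[1:] == "" or rest[1:].isdigit())):
        raise ValueError("malformed Host value: %r" % host_header)
    return host.rstrip(".")                    # assumption: "domain.name." is the same host

def exact_raw(host_header, pattern):
    """Exact, case-insensitive match on the whole header value."""
    return host_header.lower() == pattern.lower()

def exact_host(host_header, pattern):
    """Exact match on the host part only, so an explicit port does not matter."""
    try:
        return host_only(host_header) == pattern.lower()
    except ValueError:
        return False                           # a malformed Host never matches

def select_backend(host_header, path, match_host):
    """Mirror of the two use_backend rules and the default_backend."""
    is_domain_name = match_host(host_header, "domain.name")
    if path.startswith("/n/p31/") and is_domain_name:
        return "ws_be_prod31"
    if path.startswith("/p31/") and is_domain_name:
        return "www_be_prod"
    return "www_be_prod"                       # default_backend

if __name__ == "__main__":
    path = "/n/p31/socket.io/"                 # constructed sample requests
    for host in ("domain.name", "domain.name:443", "dev.domain.name:443"):
        print(host, select_backend(host, path, exact_raw),
              select_backend(host, path, exact_host))
```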

