-
-
Save xelwarto/ac4f8b43e4194355082c to your computer and use it in GitHub Desktop.
| global | |
| chroot /var/lib/haproxy | |
| crt-base /etc/pki/tls/certs | |
| daemon | |
| group haproxy | |
| log 127.0.0.1 local0 | |
| maxconn 2000 | |
| pidfile /var/run/haproxy.pid | |
| stats socket /var/lib/haproxy/stats | |
| tune.ssl.default-dh-param 2048 | |
| user haproxy | |
| defaults | |
| log global | |
| maxconn 2000 | |
| mode http | |
| option redispatch | |
| option forwardfor | |
| option http-server-close | |
| retries 3 | |
| timeout http-request 10s | |
| timeout queue 1m | |
| timeout connect 10s | |
| timeout client 1m | |
| timeout server 1m | |
| timeout check 10s | |
| frontend jenkins | |
| bind *:443 no-sslv3 ssl crt jenkins-ci.cert | |
| bind *:80 | |
| default_backend jenkins-mstr | |
| redirect location https://jenkins.my.domain/ if !{ ssl_fc } | |
| reqadd X-Forwarded-Proto:\ http | |
| backend jenkins-mstr | |
| balance roundrobin | |
| http-request set-header Host 127.0.0.1:8080 | |
| reqirep ^([^\ \t:]*:)\ https://jenkins.my.domain/(.*) \1\ http://127.0.0.1:8080/\2 | |
| rspirep ^([^\ \t:]*:)\ http://127.0.0.1:8080/(.*) \1\ https://jenkins.my.domain/\2 | |
| server jenkins01 127.0.0.1:8080 check |
I would as well appreciate a sample configuration for HAProxy 2.2
@MAnasKhalid and @persus - I appreciate your feedback, however it has been a long while since I have worked with this and if this config is no longer relevant, I may just remove it. I am not sure if I will have the time but I may try to replicate the issue you reported; can you provide details on your setup ... software versions, setup, configurations, etc.
I'm running HAProxy 2.2 on a Debian 11 server as reverse proxy (HA-Proxy version 2.2.9-2+deb11u3 2022/03/10).
Behind it I'm running Jenkins 2.332.3 on another Debian 11 server.
The goal is to get Jenkins accessible via a subdomain (e.g. https://jenkins.example.com).
The SSL-configuraiton is valid since it works for other services quite well.
This is my standard frontend config of HAProxy
frontend https
# Binds
bind *:80
bind *:443 ssl crt /etc/ssl/private/example.com.cert.pem
redirect scheme https code 301 if !{ ssl_fc }
# Mode
mode http
option http-server-close
http-request set-header X-Forwarded-For %[src]
use_backend jenkins_srvc if { hdr(host) -i jenkins.example.com }
And now I'm struggling to get the backend configuration working
Thank you very much in advance
Oh I found it. Here is the proper backend configuration for the frontend configuration I posted above:
backend jenkins_srvc
option forwardfor
mode http
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
server cicd01 10.1.1.39:8080 check
These configurations dont work in haproxy 2.5 version. Any help?