-
-
Save xelwarto/ac4f8b43e4194355082c to your computer and use it in GitHub Desktop.
global | |
chroot /var/lib/haproxy | |
crt-base /etc/pki/tls/certs | |
daemon | |
group haproxy | |
log 127.0.0.1 local0 | |
maxconn 2000 | |
pidfile /var/run/haproxy.pid | |
stats socket /var/lib/haproxy/stats | |
tune.ssl.default-dh-param 2048 | |
user haproxy | |
defaults | |
log global | |
maxconn 2000 | |
mode http | |
option redispatch | |
option forwardfor | |
option http-server-close | |
retries 3 | |
timeout http-request 10s | |
timeout queue 1m | |
timeout connect 10s | |
timeout client 1m | |
timeout server 1m | |
timeout check 10s | |
frontend jenkins | |
bind *:443 no-sslv3 ssl crt jenkins-ci.cert | |
bind *:80 | |
default_backend jenkins-mstr | |
redirect location https://jenkins.my.domain/ if !{ ssl_fc } | |
reqadd X-Forwarded-Proto:\ http | |
backend jenkins-mstr | |
balance roundrobin | |
http-request set-header Host 127.0.0.1:8080 | |
reqirep ^([^\ \t:]*:)\ https://jenkins.my.domain/(.*) \1\ http://127.0.0.1:8080/\2 | |
rspirep ^([^\ \t:]*:)\ http://127.0.0.1:8080/(.*) \1\ https://jenkins.my.domain/\2 | |
server jenkins01 127.0.0.1:8080 check |
@MAnasKhalid and @persus - I appreciate your feedback, however it has been a long while since I have worked with this and if this config is no longer relevant, I may just remove it. I am not sure if I will have the time but I may try to replicate the issue you reported; can you provide details on your setup ... software versions, setup, configurations, etc.
I'm running HAProxy 2.2 on a Debian 11 server as reverse proxy (HA-Proxy version 2.2.9-2+deb11u3 2022/03/10).
Behind it I'm running Jenkins 2.332.3 on another Debian 11 server.
The goal is to get Jenkins accessible via a subdomain (e.g. https://jenkins.example.com).
The SSL-configuraiton is valid since it works for other services quite well.
This is my standard frontend config of HAProxy
frontend https
# Binds
bind *:80
bind *:443 ssl crt /etc/ssl/private/example.com.cert.pem
redirect scheme https code 301 if !{ ssl_fc }
# Mode
mode http
option http-server-close
http-request set-header X-Forwarded-For %[src]
use_backend jenkins_srvc if { hdr(host) -i jenkins.example.com }
And now I'm struggling to get the backend configuration working
Thank you very much in advance
Oh I found it. Here is the proper backend configuration for the frontend configuration I posted above:
backend jenkins_srvc
option forwardfor
mode http
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Host %[req.hdr(Host)]
server cicd01 10.1.1.39:8080 check
I would as well appreciate a sample configuration for HAProxy 2.2