Develop Reference

HAProxy with multiple backends without conditions

I would like to use HAProxy to forward an inbound request to two servers, an old one and a new one, depending on which one is up and running, or randomly if both of them are up.
If the request hits the new server I also need a request rewrite with a special path (hence the http-request below):
frontend myservice
bind:1111
use_backend back-a
use_backend back-b
backend back-a
server back-0 hostname_old:2222 check
backend back-b
http-request set-path /special-path/%[path]
server back-1 hostname_new:443 check-ssl ssl verify none
If the hostname_old is down I would like the request to be forwarded to hostname_new, and viceversa.
However with the configuration above only the first use_backend is used.
So if hostname_old is down I get an error.
If hostname_old is up it works.
Similarly if I swap back-a with back-b I only get a reply when hostname_new is up, otherwise I get an error.
Any ideas how I can get it to forward the request to back-a or back-b depending on which one is up and running?

It looks like A/B testing.
We will need nbsrv, rand, checking server state and probably cookies to stick to the randomly chosen backend with the help of http-request set-var with txn (request and response) scope.
Below i describe config lines relevant to the A/B testing:
acl cookie_backend_a req.cook(backend) a - is there a cookie named backend telling us with value a?
acl backend_up_a nbsrv(backend-a) gt 0 - check number of working servers in backend-a and assume that more than 0 is good enough
acl rand_20 rand(100) ge 20 - roll 0-99 and return true if >= 20, so 80% chance to use this, tweak as desired
http-request set-var(txn.backend) req.cook(backend) - store request cookie for response processing
use_backend backend-a if backend_up_a cookie_backend_a - use backend-a if it is up and we have cookie for it
use_backend backend-a if backend_up_a backend_up_b rand_20 - no cookie, both backends up and we rolled >=20 so go to backend-a
use_backend backend-b if backend_up_a backend_up_b - both backends up, but roll failed, so haproxy goes to next config line and chooses backend-b
use_backend backend-a if backend_up_a - no cookie, only one backend up, so go to working one
default_backend maint - you may want to send clients somewhere else when both backends are down
acl cookie_backend_a var(txn.backend) a - i put this ACL in backends, we check cookie value for our backend, but this is for http-response
http-response add-header set-cookie "backend=a; path=/" unless cookie_backend_a - add set-cookie header, which will bind our client to this backend if they didn't have cookie before and rolled into this backend
All put together below:
frontend foo
bind *:1080
acl cookie_backend_a req.cook(backend) a
acl cookie_backend_b req.cook(backend) b
acl backend_up_a nbsrv(backend-a) gt 0
acl backend_up_b nbsrv(backend-b) gt 0
acl rand_20 rand(100) ge 20
http-request set-var(txn.backend) req.cook(backend)
use_backend backend-a if backend_up_a cookie_backend_a
use_backend backend-b if backend_up_b cookie_backend_b
use_backend backend-a if backend_up_a backend_up_b rand_20
use_backend backend-b if backend_up_a backend_up_b
use_backend backend-a if backend_up_a
use_backend backend-b if backend_up_b
default_backend maint
backend backend-a
acl cookie_backend_a var(txn.backend) a
option httpchk
http-check send meth HEAD uri / ver HTTP/1.1 hdr host localhost
http-response add-header set-cookie "backend=a; path=/" unless cookie_backend_a
server a 127.0.0.1:80 check
backend backend-b
acl cookie_backend_b var(txn.backend) b
option httpchk
http-check send meth HEAD uri / ver HTTP/1.1 hdr host localhost
http-response add-header set-cookie "backend=b; path=/" unless cookie_backend_b
server b 127.0.0.1:81 check
backend maint
(...)
In the backend sections you can tweak request as you did in your question and whatever else you need.
In this config if the client had cookie for backend-a, but it's down, then he goes to backend-b, gets its cookie and stays there until backend-b fails or cookie expires (which i didn't set up in this config). Tweak as needed.

Laravel force http to https redirect but caused "too many redirects"

I have a Saas product which allows my end-user to bind their own domain to manage their products but I encountered an issue when I try to redirect those requests that is originally not requested by "http" to "https", the site will return "too many request redirection". Meanwhile, I do not want to configure port 443 into my nginx configuration as some of scenario, some of the request path might not need to neccessary to have "https". If I configured the force redirection in nginx which means all the request must served under "https" which might leads all of the request path is served via "https" but what I want to achieve is only some of the request path served under https only.
Below is the code that used to achieve the force redirection from http to https
if (!$request->secure()) {
return redirect()->secure($request->path());
}

ssl error getting :you are not passing header at backend laravel

I have developed an api in laravel and then there is no ssl certificate installed and all working good. But after some time, I have install ssl certificate but now the api's not working in my mobile app but it's working in postman.
the response getting from you have not passed any header but in actual I have passed header.
I have just made one changes http->> https in url.

You would need to update the code in your mobile app to point to https, instead of http.
If you are hosting your API with Nginx, you can redirect HTTP -> HTTPS requests by modifying your config such as:
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
This will automatically redirect any HTTP request to its SSL equivalent.

Using Cloudfront as a HAProxy backend server with https

I have a CloudFront resource sitting in front of my S3 bucket. It's accessible at —
https://<id>.cloudfront.net
but if I hit —
<id>.cloudfront.net:443
I get a 400 Bad Request. I want to point to CloudFront in my HAProxy configuration, but I can't use the 443 port because of the above-mentioned issue. Nor can I use the https URL protocol in the server statement.
backend my_cloudfront_app
http-response set-header Strict-Transport-Security max-age=31536000
server my_server <id>.cloudfront.net:443
How can I hit HTTPS cloudfront from this server block in HAProxy?

I assume You will need to add some infos to the request headers for the cloudfront backend.
This example works with HAProxy 2.0
backend my_cloudfront_app
http-response set-header Strict-Transport-Security max-age=31536000
# Add backend header for cloudfront backend request
http-request set-header Host <id>.cloudfront.net
# maybe you will need to add a S3 prefix to the request path
# http-request set-path <CLOUDFRONT_S3_Prefix>%[path]
server my_server <id>.cloudfront.net:443 sni str(<id>.cloudfront.net) ssl verify none

Jmeter sending 2 requests for each GET request

I am doing load testing for one website. Website actual address is configured with SSL so it is something like https://www.example.com
When I start load testing for pages with GET requests , Jmeter is sending 2 requests for each page, one with Http & second is Https. So I get in listener like this :
http://www.example.com
https://www.example.com
How can I tell to jmeter that site has only version with https so do not send request with http.

You need to add 'https' in the protocol section.

Its like if you hit your URL i.e. "https://www.example.com" by replacing "https" with "http" it will redirect to you "https" by default
Similar way if you not mentioned any protocol in your "HTTP REQUEST" it will take default value i.e. "http", and in listener you see both URL.
For making that it will hit only the "https" URL you need to put "https" in Protocol text box.
Refer the below snapshot:-