HAProxy - Shorten URL

nfld.republic · February 24, 2025, 11:13pm

Hi Folks - I am back to pulling my hair out in trying to get HAProxy to do this simple thing:

Internal URL http://192.168.10.250/axis-cgi/mjpg/
External URL https://livewx.pelleys.com - removes the path

I have tried in Backend pass thru:

http-request replace-uri ^/(.*) /axis-cgi/mjpg/\1 - doesn’t work, ends up in users’ browser trying to go to http://192.168.10.250/axis-cgi/mjpg/ (obviously not going to work from the Internet)
http-request set-path /axis-cgi/mjpg/ - doesn’t work, 503 error

There is a second site, no rewriting/shortening required, that works just fine; e.g. https://devweb.pelleys.com to http://192.168.10.1.

Of course, redirecting to my old internal nginx (yes, reverse proxy to reverse proxy) works:

location / {
                include proxy_params;
                proxy_pass http://vidsrv2.pelleys.com:80/axis-cgi/mjpg/;
                allow all;
        }

What am I missing here?

Here is the full generated configuration


frontend frontend_https
	bind			47.55.69.140:443 name 47.55.69.140:443   ssl crt-list /var/etc/haproxy/frontend_https.crt_list  
	mode			http
	log			global
	option			http-keep-alive
	option			forwardfor
	acl https ssl_fc
	http-request set-header		X-Forwarded-Proto http if !https
	http-request set-header		X-Forwarded-Proto https if https
	timeout client		30000
	acl			acl_livewx	var(txn.txnhost) -m str -i livewx.pelleys.com
	acl			acl_devweb	var(txn.txnhost) -m str -i devweb.pelleys.com
	acl			aclcrt_frontend_https	var(txn.txnhost) -m reg -i ^([^\.]*)\.pelleys\.com(:([0-9]){1,5})?$
	http-request set-var(txn.txnhost) hdr(host)
	use_backend backend_livewx_ipvANY  if  acl_livewx aclcrt_frontend_https
	use_backend backend_devweb_ipvANY  if  acl_devweb aclcrt_frontend_https

backend backend_livewx_ipvANY
	mode			http
	id			100
	log			global
	http-response set-header Strict-Transport-Security max-age=31536000;
	timeout connect		30000
	timeout server		30000
	retries			3
	load-server-state-from-file	global
	server			vidsrv2 192.168.10.100:443 id 101 ssl  verify none 

backend backend_devweb_ipvANY
	mode			http
	id			102
	log			global
	http-response set-header Strict-Transport-Security max-age=31536000;
	http-check		send meth OPTIONS
	timeout connect		30000
	timeout server		30000
	retries			3
	load-server-state-from-file	global
	option			httpchk
	server			extweb 192.168.10.1:80 id 103 check inter 1000

xMAXIMUSx · February 25, 2025, 12:09am

This should do it.

frontend http_front
    bind *:80
    acl host_my_domain hdr(host) -i my.domain.com
    use_backend axis_backend if host_my_domain

backend axis_backend
    server axis_camera 192.168.10.250:80 check
    http-request set-path /axis-cgi/mjpg/%[path]

nfld.republic · February 25, 2025, 9:23pm

Thanks @xMAXIMUSx - do you mean I need two frontends? Note that both use HTTPS.

xMAXIMUSx · February 25, 2025, 11:37pm

You can ignore that front end. I was supplying a short config in context. The biggest part is what I set in the backend.

nfld.republic · February 26, 2025, 10:34pm

Thanks @xMAXIMUSx - that finally worked. I did have to delete /tmp/haproxy_server_state (as others have on the interwebs) have stated. You saved me from finding something to sacrifice something to the silicon gods!