Update PROXY.md

This makes two changes to the HAProxy documentation: 1) Replaces the `reqadd` statements with `http-request set-header` statements, including a dynamic `X-Forwarded-Host`. Rationale is that this is cleaner (no manual adding of domain), and extensible to a multi-domain environment. Note that I have NOT tested the `:[port]` trick on this form of the command since I run on port 443. 2) Moves the `redirect scheme` from the backend to the frontend. I disagree with the logic of the commit (002275468a) that moved this to the backend - in a multi-backend environment, putting it in the frontend is cleaner, and in this simple config it makes no functional difference.
8 years ago · 8aba7983cc
parent 8e99811fe0
commit 8aba7983cc
1 changed files with 6 additions and 7 deletions
--- a/documentation/PROXY.md
+++ b/documentation/PROXY.md
@ -131,10 +131,12 @@ frontend https
    bind :80
    bind :443 ssl crt /etc/haproxy/certs/cert_key.pem
    
-    # Add X-Headers necessary for HTTPS
-    # Replace frontend.example.com with your SSL host and include :[port] if not running on port 443
-    reqadd X-Forwarded-Host:\ frontend.example.com
-    reqadd X-Forwarded-Proto:\ https
+    # Add X-Headers necessary for HTTPS; include :[port] if not running on port 443
+    http-request set-header X-Forwarded-Host %[req.hdr(Host)]
+    http-request set-header X-Forwarded-Proto https
+
+    # (OPTIONAL) Force HTTPS
+    redirect scheme https if !{ ssl_fc }

    # Bind URL with the right backend
    acl is_libresonic  path_beg -i /libresonic
@ -146,9 +148,6 @@ backend libresonic-backend
    # proxy_redirect directive.
    http-response replace-value Location ^http://(.*)$ https://\1

-    # (OPTIONAL) Force HTTPS
-    redirect scheme https if !{ ssl_fc }
-
    # Forward requests to Libresonic running on localhost on port 4040
    server libresonic 127.0.0.1:4040 check
 ```