From 8aba7983cc126bafd58c49f6c347c783e1830754 Mon Sep 17 00:00:00 2001 From: "Joshua M. Boniface" Date: Wed, 29 Mar 2017 02:40:59 -0400 Subject: [PATCH] Update PROXY.md This makes two changes to the HAProxy documentation: 1) Replaces the `reqadd` statements with `http-request set-header` statements, including a dynamic `X-Forwarded-Host`. Rationale is that this is cleaner (no manual adding of domain), and extensible to a multi-domain environment. Note that I have NOT tested the `:[port]` trick on this form of the command since I run on port 443. 2) Moves the `redirect scheme` from the backend to the frontend. I disagree with the logic of the commit (002275468a6fa8e48b7b837fbb5eb4135af79a89) that moved this to the backend - in a multi-backend environment, putting it in the frontend is cleaner, and in this simple config it makes no functional difference. --- documentation/PROXY.md | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/documentation/PROXY.md b/documentation/PROXY.md index 413b3c4c..8ff6d5a6 100644 --- a/documentation/PROXY.md +++ b/documentation/PROXY.md @@ -131,10 +131,12 @@ frontend https bind :80 bind :443 ssl crt /etc/haproxy/certs/cert_key.pem - # Add X-Headers necessary for HTTPS - # Replace frontend.example.com with your SSL host and include :[port] if not running on port 443 - reqadd X-Forwarded-Host:\ frontend.example.com - reqadd X-Forwarded-Proto:\ https + # Add X-Headers necessary for HTTPS; include :[port] if not running on port 443 + http-request set-header X-Forwarded-Host %[req.hdr(Host)] + http-request set-header X-Forwarded-Proto https + + # (OPTIONAL) Force HTTPS + redirect scheme https if !{ ssl_fc } # Bind URL with the right backend acl is_libresonic path_beg -i /libresonic 
@@ -146,9 +148,6 @@ backend libresonic-backend # proxy_redirect directive. http-response replace-value Location ^http://(.*)$ https://\1 - # (OPTIONAL) Force HTTPS - redirect scheme https if !{ ssl_fc } - # Forward requests to Libresonic running on localhost on port 4040 server libresonic 127.0.0.1:4040 check ```
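Review bot: In the first hunk (frontend https), `http-request set-header X-Forwarded-Host %[req.hdr(Host)]` makes X-Forwarded-Host a copy of the client-supplied Host header, where the removed `reqadd X-Forwarded-Host:\ frontend.example.com` pinned it to a name the operator chose. The documentation should say so, and suggest that single-domain setups either keep a fixed value or reject requests whose Host is not an expected name before this rule runs, since the backend will otherwise receive whatever the client sent. Two smaller points in the same hunk: the comment still says "include :[port] if not running on port 443", but there is no longer a literal host to append a port to, so it should be reworded or dropped (the commit message notes this case is untested); and `http-request set-header X-Forwarded-Proto https` is applied to requests arriving on `bind :80` as well, which matters because the redirect below it is marked OPTIONAL. Conditioning that header on `{ ssl_fc }` would keep it accurate when the redirect is left out.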
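Review bot: In the second hunk (backend libresonic-backend), removing `redirect scheme https if !{ ssl_fc }` means the backend no longer enforces HTTPS on its own, and nothing left in the backend section tells the reader that. Enforcement now depends on every frontend that routes to `libresonic-backend` carrying the redirect, and the frontend copy is labelled OPTIONAL. A one-line comment in the backend pointing to the frontend rule would help, placed near the `http-response replace-value Location ^http://(.*)$ https://\1` line, which still rewrites Location headers to https regardless of how the request arrived.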