HAProxy config tutorials
HTTP redirects
Use the http-request redirect
configuration directive to reroute HTTP traffic. These send back an HTTP redirect response to the client and then the client makes a new request to the new resource. When performing a redirection, the load balancer responds directly to the client. It does not forward any traffic to the server.
Redirect traffic to a location Jump to heading
Use http-request redirect location
to replace the entire location of a URL. Below, we append a www
subdomain in front of all URLs that do not have it. To specify the HTTP status code to return, set the code
parameter with any of the following values:
Code | Description |
---|---|
301 | Permanent move |
302 | Temporary move; should not be cached by the client. This is the default value if no code is configured. |
303 | Similar to 302, but the browser must fetch the new location using a GET |
307 | Similar to 302, but the browser must reuse the same method as the one from the original request |
308 | Similar to 301, but the browser must reuse the same method as the one from the original request |
haproxy
frontend wwwbind :80acl has_www hdr_beg(host) -i wwwhttp-request redirect code 301 location http://www.%[hdr(host)]%[capture.req.uri] unless has_wwwdefault_backend webservers
haproxy
frontend wwwbind :80acl has_www hdr_beg(host) -i wwwhttp-request redirect code 301 location http://www.%[hdr(host)]%[capture.req.uri] unless has_wwwdefault_backend webservers
Redirect traffic using a prefix Jump to heading
Use http-request redirect prefix
to add a prefix to the URL’s location. Below, we prefix all URLs with /api/v2/
if they don’t have it. You do not need to end the prefix with a slash. One will be added to the end of the prefix automatically.
haproxy
frontend wwwbind :80acl begins_with_api path_beg /api/v2/http-request redirect code 301 prefix /api/v2 unless begins_with_apidefault_backend webservers
haproxy
frontend wwwbind :80acl begins_with_api path_beg /api/v2/http-request redirect code 301 prefix /api/v2 unless begins_with_apidefault_backend webservers
Redirect the scheme Jump to heading
Use http-request redirect scheme
to redirect to a different scheme, such as from http://
to https://
. In the following example, we redirect all HTTP traffic to HTTPS:
haproxy
frontend wwwbind :80bind :443 ssl crt /ssl.pemhttp-request redirect scheme https unless { ssl_fc }default_backend webservers
haproxy
frontend wwwbind :80bind :443 ssl crt /ssl.pemhttp-request redirect scheme https unless { ssl_fc }default_backend webservers
The Location
header is built by concatenating the following elements in this order:
- the scheme (e.g.
https
) provided by the directive ://
- the first occurrence of the
Host
header - the URL
Info
Even with the redirect, there is still a chance that a man-in-the-middle attack can occur. To prevent this attack, consider using the http-response set-header Strict-Transport-Security
directive. For details, see HTTP Strict Transport Security.
See also Jump to heading
Do you have any suggestions on how we can improve the content of this page?