Using HTTP Rewrites with HAProxy

30 minutes
  • 2 Learning Objectives

About this Hands-on Lab

Wouldn’t it be great if we could manage all our HTTP requests, all in one place? HAProxy has the power to implement HTTP rewrites, changing the request as it moves between the client and the backend servers, transparently. In this hands-on lab, we’re going to get hands-on with HAProxy, using it to configure and test a basic HTTP rewrite. We’re also going to consolidate 2 HTTP `frontends` into 1, using access control lists (ACLs) to direct traffic to the correct `backend`, based on request hostname. Upon completion of this lab, you will be able to configure an HAProxy installation to implement a basic HTTP rewrite as well as implement HAProxy ACLs.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a Rewrite and Some ACLs

We’re going to create a new subdirectory on the site, /textfiles and move our test.txt file there. We will handle requests for the file in its original location, /test.txt, using an HTTP rewrite in HAProxy.

Perform the following:

  • Start by creating the new /usr/share/nginx/html/textfiles directory in each container using the podman exec command.
  • Next, we’ll move the test.txt file to the /textfiles subdirectory.
  • Check your work by opening a bash shell in one container using podman exec.
    • Check the contents of the /usr/share/nginx/html directory.
    • Check the contents of /usr/share/nginx/html/textfiles.
    • Exit the container.
  • Perform the following checks with curl:
    • The first 2 will fail, the second 2 should work.
  • Add a rewrite to each of the frontends in the HAProxy configuration file that looks for requests for files that end in .txt and sets the path for those requests to /textfiles/.
    • Restart the haproxy service.
    • Perform the following checks with curl:
    • All checks should work now.
Consolidate the HTTP Frontends Using ACLs

We’re going to replace the 2 HTTP frontends with a single frontend, using ACLs, so that requests for are directed to the site1 backend, and requests for are directed to the site2 backend.

Perform the following:

  • Consolidate the 2 frontends into a single http frontend.
    • Bind the frontend to port 80 for all addresses.
    • Keep the current rewrites.
    • Add an ACL for each site, so that requests for are directed to the site1 backend, and requests for are directed to the site2 backend.
    • Leave the 2 backends untouched.
    • Restart the haproxy service.
    • Perform the following checks with curl:

Additional Resources

Let's clean things up!

We're building a web development environment using containerized nginx web servers, and we need to simplify our HTTP frontend configuration. Management has told us that we need to clean all the nonessential files from the root of our sites. We have a file that needs to be moved, but we need to be able to continue to support requests for it in its current location. We're going to try using ACLs and a rewrite on our HAProxy server to accomplish it.

How does it work?

When the lab starts, you will want to open an SSH connection to your lab instance(s):

ssh cloud_user@PUBLIC_IP_ADDRESS

Replace PUBLIC_IP_ADDRESS with either the public IP or DNS of the instance(s). The cloud_user password has been provided with the instance information.

Entries for and have been created in /etc/hosts that point to Additionally, SSL certificates for HAProxy have been generated in /etc/haproxy/certs/. The HAProxy package has also been installed but is not running.

On our system, we have 2 sites, site1 and site2, configured, with 3 web server containers in each, running rootlessly by the cloud_user account. They've been prepopulated with a test text file at /test.txt that identifies which site and server we're accessing.

The nginx containers are configured as follows:

  • site1_server1: web server accessible on port 8081
  • site1_server2: web server accessible on port 8082
  • site1_server3: web server accessible on port 8083
  • site2_server1: web server accessible on port 8084
  • site2_server2: web server accessible on port 8085
  • site2_server3: web server accessible on port 8086

Good luck and enjoy!

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?