有时候后端需要知道客户端是用的http请求还是https请求,所以一般在haproxy加上一个X-Forwarded-Proto头
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }
但是如果haproxy前面还有反代并且传递了X-Forwarded-Proto头,那么这么做就会把haproxy前面的反代传递的X-Forwarded-Proto头覆盖掉
这种情况可以用haproxy的强大的acl来处理
acl h_xfp_exists req.hdr(X-Forwarded-Proto) -m found
http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfp_exists
http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfp_exists
参考文档:
https://www.haproxy.com/documentation/hapee/1-8r1/traffic-management/http-rewrite/
https://www.haproxy.com/documentation/hapee/1-8r1/traffic-management/acls/