haproxy：获取主机名

我正在尝试获取请求者主机/IP，因为它涉及 haproxy 节点。 我的 haproxy 配置如下：

frontend www-http
    bind *:9000
    http-request redirect location https://%fi:9143

frontend www-https
    bind *:9143 ssl crt /root/keys.pem
    reqadd X-Forwarded-Proto:\ https
    default_backend www-backend

backend www-backend
    balance roundrobin
    cookie SERVERID insert indirect nocache
    server server1 1.1.1.1:9080 cookie server1 weight 1 maxconn 1024 check

所以在这里，如果有任何http请求到来，那么我需要转发到https。 现在请求可能带有完全限定形式的 IP 地址或主机名，例如

http://10.10.10.10:9000 

这需要转发到https://10.10.10.10:9143 https://10.10.10.10:9143

同样，请求可能以完全限定的形式出现主机名，例如

http://myhost.domain.com:9000

这需要转发到https://myhost.domain.com:9143 https://myhost.domain.com:9143

基本上 10.10.10.10 和 myhost.domain.com 是同一系统。

现在有了上面的 haproxy 配置，我无法得到下面的内容，因为它是 %fi (frontend_ip)，所以它重定向到https://10.10.10.10:9143 https://10.10.10.10:9143

所以我的问题是如何获取 haproxy 节点的 ip/主机。

我尝试了以下选项，但不起作用：

http-request redirect location https://%f:9143
http-request redirect location https://%[req.hdr(Host)]:9143

from https://www.haproxy.com/doc/aloha/7.0/haproxy/log_format_rules.html https://www.haproxy.com/doc/aloha/7.0/haproxy/log_format_rules.html

See 如何在 HAProxy 中设置动态变量？ https://stackoverflow.com/questions/39333496/how-do-i-set-a-dynamic-variable-in-haproxy有关更多详细信息，但以此为基础，以下内容应该适合您：

frontend www-http
    bind *:9000

    # Redirect user from http port to https port
    http-request set-var(req.hostname) req.hdr(Host),field(1,:),lower
    http-request redirect code 301 location https://%[var(req.hostname)]:9143 if !{ ssl_fc }

frontend www-https
    bind *:9143 ssl crt /root/keys.pem
    reqadd X-Forwarded-Proto:\ https
    default_backend www-backend

backend www-backend
    balance roundrobin
    cookie SERVERID insert indirect nocache
    server server1 1.1.1.1:9080 cookie server1 weight 1 maxconn 1024 check

我的情况有点不同，因为我只想重定向统计 UI URL，所以我不必去更新内部文档中的每个统计 URL。这是适合我的情况的方法（如果它对其他人有帮助）：

userlist stats-auth
    group admin users adminuser
    group readonly users readonlyuser

    # Passwords created via mkpasswd -m sha-512 PASSWORD_HERE
    user adminuser password NOT_REAL_PASSWORD
    user readonlyuser password NOT_REAL_PASSWORD

listen stats

    # Used just for the initial connection before we redirect the user to https
    bind *:4711

    # Combined file containing server, intermediate and root CA certs along
    # with the private key for the server cert.
    bind *:4712 ssl crt /etc/ssl/private/my-site-name_combined_cert_bundle_with_key.pem

    option dontlognull
    mode http
    option httplog

    # Redirect user from http port to https port
    http-request set-var(req.hostname) req.hdr(Host),field(1,:),lower
    http-request redirect code 301 location https://%[var(req.hostname)]:4712/ if !{ ssl_fc }

    acl AUTH            http_auth(stats-auth)
    acl AUTH_ADMIN      http_auth_group(stats-auth) admin

    stats enable

    # The only "site" for using these ports is the admin UI, so use '/' as
    # the base path instead of requiring something like '/haproxy_stats' or
    # '/stats' in order to display the UI.
    stats uri /

    # Force a login if not already authenticated
    stats http-request auth unless AUTH

    # Allow administrator functionality if user logged in using admin creds
    # (there are separate read-only username and password pairs)
    stats admin if AUTH_ADMIN

我省略了前端和后端配置，因为它们更长/更详细。