多级代理 haproxy 传递X-Forwarded-Proto

有时候后端需要知道客户端是用的http请求还是https请求，所以一般在haproxy加上一个X-Forwarded-Proto头

http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }

但是如果haproxy前面还有反代并且传递了X-Forwarded-Proto头，那么这么做就会把haproxy前面的反代传递的X-Forwarded-Proto头覆盖掉

这种情况可以用haproxy的强大的acl来处理

acl h_xfp_exists req.hdr(X-Forwarded-Proto) -m found
http-request set-header X-Forwarded-Proto http if !{ ssl_fc } !h_xfp_exists
http-request set-header X-Forwarded-Proto https if { ssl_fc } !h_xfp_exists

 

参考文档：

https://www.haproxy.com/documentation/hapee/1-8r1/traffic-management/http-rewrite/

https://www.haproxy.com/documentation/hapee/1-8r1/traffic-management/acls/