Hi, we have been trying to handle an inbound request from HAProxy and use API Gateway to handle the request.

The flow is: domain1.com is the endpoint at HAProxy.

HAProxy should then forward the request to an API Gateway on Amazon which is using a custom domain, domain2.com.

When we try this we receive an error from CloudFront. I believe this is due to the SNI requirement for API Gateway to know where to route the request to. For that reason we implemented the following:

    backend api_gateway
        http-request set-header host domain2.com
        server api domain2.com:443 check ssl sni str(domain2.com) verify none

This doesn't work; we receive a 403 error. Interestingly, if we use the non-custom domain and point it to the Amazon-provided stage URL, it works! Well, kind of works: we can't use it because the stage URL requires the stage in the path, i.e. /prod, which we cannot fix.

Does anyone know how we can fix this such that the custom URL works when being passed from HAProxy?

Thanks,

Tom

Thomas
  • A CloudFront "403" error with the (contradictory) message "Bad Request" in the body suggests an invalid/unexpected `Host` header. Is that what you see? It *might* also occur with bad SNI... but that part looks right. – Michael - sqlbot Mar 19 '19 at 23:31
  • Not necessarily a duplicate, but see also https://serverfault.com/a/830327/153161. Note, also, that if you are proxying to API Gateway from EC2 you should have slightly lower latency with a regional (not edge-optimized) deployment, avoiding the jump over to the AWS Edge Network (CloudFront) and back. Also, `http-request set-path /prod%[path]` might be an alternative strategy that you haven't considered. – Michael - sqlbot Mar 19 '19 at 23:47
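
The `set-path` alternative from the comment above, written out as an added example (not part of the original thread): the backend targets the stage URL that the question reports as working, and HAProxy prepends the `/prod` stage so clients never see it. `API_ID.execute-api.REGION.amazonaws.com` is a placeholder for the API's own stage hostname, the CA bundle path is an assumption, and unlike the backend in the question this one keeps upstream certificate verification enabled.

```haproxy
backend api_gateway
    mode http

    # Prepend the stage name to every request path, as suggested in the comment.
    http-request set-path /prod%[path]

    # Host must be the name the upstream endpoint expects (placeholder hostname).
    http-request set-header Host API_ID.execute-api.REGION.amazonaws.com

    # sni        : server name sent in the TLS handshake for proxied traffic
    # check-sni  : same server name for the health-check connections
    # verifyhost : name the upstream certificate must match
    # ca-file    : trust store used for verification (assumed Debian/Ubuntu path)
    server api API_ID.execute-api.REGION.amazonaws.com:443 check ssl sni str(API_ID.execute-api.REGION.amazonaws.com) check-sni API_ID.execute-api.REGION.amazonaws.com verify required verifyhost API_ID.execute-api.REGION.amazonaws.com ca-file /etc/ssl/certs/ca-certificates.crt
```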
