How to redirect with additional headers in the response?

Question

Currently, I use haproxy to upgrade some domains to https automatically to https. I use code 308 because I did not find a possibility to add a Expires: Thu, 01 Dec 2014 16:00:00 or a Cache-Control: max-age=3600 header.

frontend http-frontend
    bind *:80
    mode http
    redirect scheme https code 307 if { hdr(Host) -i foo.example.com } !{ ssl_fc }
    redirect scheme https code 307 if { hdr(Host) -i bar.example.com } !{ ssl_fc }

How do I have to modify above redirect rules to include a Cache-Control header in the response?

Answer 1

Has been resolved in haproxy 2.2

http-after-response set-header Cache-Control max-age=3600 if {condition}

https://github.com/haproxy/haproxy/issues/4#issuecomment-583335714

https://docs.haproxy.org/2.4/configuration.html#4.2-http-after-response%20set-header

Answer 2

HAProxy inserts headers in response with "http-request set-header" directive. Unfortunately, at the time of writing, this is only available when HAProxy gets traffic from a backend.
"http-request redirect .." (or "redirect") is a final directive on a frontend there is no backend response in this case. The turnaround is to create a dummy backend like this:

frontend http-frontend
    bind *:80
    mode http
    use_backend be_dummy_redirect if { hdr(Host) -i foo.example.com } !{ ssl_fc }
    use_backend be_dummy_redirect if { hdr(Host) -i bar.example.com } !{ ssl_fc }
    default_backend be_app

 backend be_dummy_redirect
    http-response set-header Expires "Thu, 01 Dec 2014 16:00:00"
    http-response set-header Cache-Control max-age=3600
    server redirect-server 127.0.0.1:9000

 listen redirect
    bind 127.0.0.1:9000
    http-request redirect scheme https

This was discussed before with the Devs and maybe it is going to be implemented in the future