Translating `upstream-host/path` to `path.example.com`

[ret-aws]

Hello, and thanks for taking time to help a newbie. I'm running a hashistack with nomad, consul, and fabio.

• Nomad and consul are running in AWS on ec2 instances behind an ALB.
• Fabio is running as a system-level reverse proxy in the nomad cluster on worker nodes' port 9999.
• The DNS record for greenlight.example.com points to the ALB.
• The ALB has a rule to redirect greenlight.example.com to the nomad cluster worker nodes:9999.

This works, but of course my host header is not maintained and I end up at nomad-cluster.example.com:9999/greenlight

My goal is to end up at greenlight.example.com. I've ended up down an ugly rabbit hole trying to get this working and thought I'd come up for air and consult the veterans.

Any assistance achieving this result is greatly appreciated. Thank you in advance.

[tristanmorgan]

One way would be to swap the ALB with an NLB that way the headers would not get a re-write. Unless you wanted the ALB to terminate TLS.

[ret-aws]

The ALB terminates TLS here.

[tristanmorgan]

I think using "urlprefix-:9999/path strip/path" as the tag on that service and have the ALB add /path when "host = path.example.com" would be the trick.

[ret-aws]

Hey, thanks, appreciate the support!

That gets me closer. I'd like to trim the url if I can. This gets me to greenlight.example.com:9999/greenlight.

ALB

resource "aws_lb_listener_rule" "greenlight-r" {
  listener_arn = aws_lb_listener.cleartext.arn
  priority     = 48001
  action {
    type             = "redirect"
    redirect {
      port = "9999"
      status_code = "HTTP_301"
      path = "/greenlight"
    }
  }
  condition {
    host_header {
      values = ["greenlight.${var.domain}"]
    }
  }
  condition {
    path_pattern {
      values = ["/"]
    }
  }
}

resource "aws_lb_listener_rule" "greenlight" {
  listener_arn = aws_lb_listener.fabio.arn
  priority     = 48002
  action {
    type      = "forward"
    target_group_arn = aws_lb_target_group.fabio.arn
  }
  condition {
    host_header {
      values = ["greenlight.${var.domain}"]
    }
  }
  condition {
    path_pattern {
      values = ["/greenlight"]
    }
  }
}

Service

      service {
        name = "greenlight"
        port = "http"
        tags = [
            "urlprefix-greenlight.example.com:9999/greenlight strip=/greenlight"
        ]
        check {
          type = "http"
          path = "/health"
          interval = "5s"
          timeout = "3s"
        }
      }

Any way to get the port and path removed?

[ret-aws]

It seems the path strip is not working at all in my use case. I believe I'm probably doing something out of order on the alb? I'm not sure how to do this without 2 redirects and guessing that might be the issue?

[ret-aws]

I've resolved this by simply forwarding to the fabio listener and removing the redirect entirely (duh), and I've placed the url as the prefix, as in urlprefix-<my_url>. No strip, all easy.

Hope this helps someone else who is struggling with this. Thanks @tristanmorgan for getting me looking at the usage of urlprefix in greater detail.