I have haproxy v1.5.4 working with http & https. I am binding *:80 & :*443 to the same frontend and using the same acls.
I want to create an http -> https redirect
frontend http-in
bind *:80
bind *:443 ssl crt /etc/pki/tls/certs/...
...
acl is_office path_beg /office
http-request redirect scheme https if !{ ssl_fc } is_office
use_backend office if is_office
This causes
10.XXXXX:36909 [16/Dec/2015:17:23:07.678] http-in/2: SSL handshake failure
when I access over http (expecting the redirect)
If I access via https then it correctly hits the backend and proxies through to the service over 443.
backend office
balance roundrobin
server backbone-daily 10.XXXXXX:443 ssl check verify none
The self-signed cert validates and works without the redirect. It feels like i'm missing something in the redirect stage.
Any help much appreciated
Since we use the HAProxy Plugin with OPNsense, which only has a GUI, I can't give an answer containing working code. However, I can retrace the steps that finally made this work for us.
http-request redirect scheme https
I suspect this would translate to code something like this:
frontend http-in
bind *:443 ssl crt /etc/pki/tls/certs/...
use_backend office if is_office
frontend no-ssl-http-in
bind *:80
http-request redirect scheme https
Hope this helps anyone who is still looking for a solution.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With