Configure haproxy with multiple ssl ports

haproxyrewriteurl

I have two servers which have the same URL but the port number may change.

I want to redirect these two URLs HTTPS.

If I enter my first URL (http://example.com) then I want to it will redirect to https://example.com.

If I enter second URL (http://example.com:8080) then I want to it redirect to https://example.com:8080.

See My Configurations:

frontend www-HTTP
  bind *:80
  bind *:443 ssl crt /etc/apache2/ssl/apache.pem
  reqadd X-Forwarded-Proto:\ https
  default_backend tcp-backend
  mode tcp

frontend TCP-HTTP
  bind *:8080
  bind *:8443 ssl crt /etc/apache2/ssl/paritech.pem
  reqadd X-Forwarded-Proto:\ https
  default_backend www-backend
  mode tcp

backend www-backend
  redirect scheme https if !{ ssl_fc }
  server dev.example.com 192.168.1.120:8080 check

backend TCP-backend
  redirect scheme https if !{ ssl_fc }
  server qa.example.com 192.168.1.120:80 check

How can I redirect 8080 over 8443 for HTTPS..

Best Answer

The documentation of redirect scheme says

With "redirect scheme", then the "Location" header is built by concatenating with "://" then the first occurrence of the "Host" header, and then the URI path, including the query string...

There is the problem: it is using the Host Header and there is your 8080...

Here is a possible solution:

http-request replace-header Host ^(.*?)(:[0-9]+)?$ \1:8443
http-request redirect scheme https if !{ ssl_fc }

That replace the Host header with the correct port...

Related Solutions

HAProxy – ssl client ca chain cannot be verified

The files server.pem and client.pem should have 3 sections in it and should look like this:

The private key might not be RSA, but it should be first. The first certificate is the signed server certificate. The second certificate should be the CA certificate. You can copy and paste each section using a text editor. To check your certificate, run this.

$ openssl verify -CAfile ca1-certificate.pem server.pem
server.pem: OK

Nginx – HAProxy redirect traffic to NGINX getting error “The plain HTTP request was sent to HTTPS port”

Change the backend server specification to this:

server server1 backend:3000 weight 1 maxconn 8192 check ssl verify none

The "ssl" part defines that the backend speaks SSL, if it is not present, haproxy will default to plain HTTP. The "verify none" disables certificate check, something you probably don't want to do with your internal servers anyway.

Best Answer

Related Solutions

HAProxy – ssl client ca chain cannot be verified

Nginx – HAProxy redirect traffic to NGINX getting error “The plain HTTP request was sent to HTTPS port”

Related Topic