What we are trying to is to have HAProxy to listen for all incoming traffic from port 443 (HTTPS & WSS)
Below is our HAProxy config:
frontend wwws
bind 0.0.0.0:443 ssl crt /etc/haproxy/server.pem
timeout client 1h
default_backend www_backend
backend www_backend
mode http
stats enable
stats uri /haproxy
option forwardfor
reqadd x-forwarded-proto:\ https
server server1 backend:3000 weight 1 maxconn 8192 check
0.0.0.0:443 (e.g. https://example.com) is our HA proxy server listening for all incoming 443 traffic
backend:3000 is our nginx server which is set to listen for SSL connections
The current problem we are facing right now is when we enter https://example.com, the browser is showing the following error:
400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx/1.7.5
It does seems like when haproxy forward the traffic to nginx (backend:3000) it converts to http.
I thought "reqadd x-forwarded-proto:\ https " is suppose to make sure it is https.
Not sure what is wrong with our haproxy config.
Best Answer
Change the backend server specification to this:
The "ssl" part defines that the backend speaks SSL, if it is not present, haproxy will default to plain HTTP. The "verify none" disables certificate check, something you probably don't want to do with your internal servers anyway.