Currently I have a HAProxy configuration which redirects all HTTP traffic to HTTPS.
frontend http-in
bind *:80
redirect scheme https code 301
I then have various HTTPS domains configured, each redirecting to a standard path and using their own backends.
frontend https-in
bind *:443 no-sslv3 ssl crt /usr/local/etc/haproxy/cruise.pem crt /usr/local/etc/haproxy/rose.pem crt /usr/local/etc/haproxy/mirren.pem
reqadd X-Forwarded-Proto:\ https
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
acl host_cruise ssl_fc_sni_reg -i tom.cruise.de
acl host_rose ssl_fc_sni_reg -i ruby.rose.com
acl host_mirren ssl_fc_sni_reg -i helen.mirren.com
acl movietime_context path -m beg /movietime/
redirect location https://tom.cruise.de/movietime/login code 301 if host_cruise !movietime_context
redirect location https://ruby.rose.com/movietime/login code 301 if host_rose !movietime_context
redirect location https://helen.mirren.com/movietime/login code 301 if host_mirren !movietime_context
use_backend cruise if host_cruise
use_backend rose if host_rose
use_backend mirren if host_mirren
I now need to add support for tom.cruise.com and tom.cruise.at. All requests for tom.cruise.de and tom.cruise.at need to redirect to tom.cruise.com.
Obviously I need a new SSL certificate for tom.cruise.com but do I need certs for the other two domains? Can I configure all HTTP and HTTPS requests from tom.cruise.de and tom.cruise.at to redirect to tom.cruise.com without having to configure SSL certs for the at and de domains?
Best Answer
If you want to do anything with HTTPS including redirect you will need a certificate for each domain.
But you could just redirect HTTP from those other domains and only use HTTPS on the main domain.