I want to know how HAProxy reacts when I want to make the HTTPS connection over the server. In Apache we have aj_proxy to make an SSL connection to the Tomcat server, so how can that functionality be maintained using stunnel? We are using HAProxy v1.4.13. Our scenario is that we want to put the certificates in stunnel and maintain the HTTPS session. We are just using plain HTTP at the backend. So, when I access https://www.domain.com/login the browser validates the certificate, but after I log in it is HTTP again, as it gets the content from the plain HTTP Tomcat servers.
So is there any way that I can make the connection HTTPS all the time?
Below is the config file of stunnel:
sslVersion = all
options = NO_SSLv2
;Debug
debug = 7
output = /usr/local/etc/stunnel/stunnel.log
chroot = /var/tmp/stunnel
setuid = nobody
setgid = nobody
pid = /stunnel.pid
cert = /usr/local/etc/stunnel/stunnel.pem
;Some Performance Tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
[https]
client = no
accept = 10.12.12.1:443
connect = 10.12.12.1:84
xforwardedfor=yes
TIMEOUTclose = 0
And Haproxy HTTPS frontend config:
.
.
.
listen https 10.12.12.1:84
mode http
cookie JSESSIONID prefix
balance roundrobin
option forwardfor except 10.12.12.1
option httpclose
option http-server-close
server S1 10.12.12.2:8080 cookie server1 maxconn 5000 check
server S2 10.12.12.3:8080 cookie server2 maxconn 5000 check
.
.
Any help will be highly appreciated.
Best Answer
I'd suggest using nginx as a frontend/reverse proxy instead of stunnel and redirect all traffic from http to https. I'm not sure if stunnel can handle the http redirects.
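The nginx front end suggested in the answer could look like the following. This is an added example, not the answerer's configuration: the certificate paths are placeholders, the listen addresses, host name and cookie name are reused from the question, and port 80 on 10.12.12.1 is assumed to be free for nginx.

```nginx
# Added example, not from the original thread.
# Certificate paths are placeholders; addresses, host name and the
# JSESSIONID cookie name are taken from the question's configs.

# Plain HTTP: never serve content, only redirect to HTTPS.
server {
    listen 10.12.12.1:80;          # assumption: nothing else binds port 80
    server_name www.domain.com;
    return 301 https://$host$request_uri;
}

# TLS termination in place of stunnel.
server {
    listen 10.12.12.1:443 ssl;
    server_name www.domain.com;

    ssl_certificate     /etc/nginx/ssl/example.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.key;  # placeholder path

    # Tell browsers to keep using HTTPS for later requests.
    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        # Hand decrypted requests to the existing HAProxy listener.
        proxy_pass http://10.12.12.1:84;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Tomcat only sees plain HTTP, so its post-login redirects carry
        # http:// Location headers; rewrite them back to https://.
        proxy_redirect http://www.domain.com/ https://www.domain.com/;

        # Mark the session cookie Secure so the browser never sends it
        # over plain HTTP (directive requires nginx 1.19.3 or later).
        proxy_cookie_flags JSESSIONID secure;
    }
}
```

The `proxy_redirect` line is what addresses the symptom in the question: the backend's redirect after login points at `http://`, and the proxy rewrites it before the browser sees it.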