I want to know about how Haproxy reacts when I want to make the HTTPS connection over the server. In apache we have aj_proxy to make a ssl connection to tomcat server, so how that functionality can be maintained using stunnel. We are using Haproxy v1.4.13. Our scenario is we want to put the certificates in stunnel and maintain HTTPS session.We are just using plain HTTP at backend. So, when I access the https://www.domain.com/login browser validate the certificate but after I login, then it is HTTP again, as it get the content from plain HTTP tomcat servers.
So is there any way that I can make the connection as HTTPS all the time.
Below is the config file of stunnel :
sslVersion = all options = NO_SSLv2 ;Debug debug = 7 output = /usr/local/etc/stunnel/stunnel.log chroot = /var/tmp/stunnel setuid = nobody setgid = nobody pid = /stunnel.pid cert = /usr/local/etc/stunnel/stunnel.pem ;Some Performance Tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 [https] client = noaccept = 10.12.12.1:443 connect = 10.12.12.1:84 xforwardedfor=yes TIMEOUTclose = 0
And Haproxy HTTPS frontend config:
. . . listen https 10.12.12.1:84 mode http cookie JSESSIONID prefix balance roundrobin option forwardfor except 10.12.12.1 option httpclose option http-server-close server S1 10.12.12.2:8080 cookie server1 maxconn 5000 check server S2 10.12.12.3:8080 cookie server2 maxconn 5000 check . .
Any help will be highly appreciated.