Tomcat – End to End SSL connection using Haproxy


I want to know how Haproxy behaves when I want to make an HTTPS connection to the server. In Apache we have aj_proxy to make an SSL connection to the Tomcat server, so how can that functionality be maintained using stunnel? We are using Haproxy v1.4.13. Our scenario is that we want to put the certificates in stunnel and maintain the HTTPS session. We are just using plain HTTP at the backend. So, when I access it, the browser validates the certificate, but after I log in it is HTTP again, as it gets the content from the plain HTTP Tomcat servers.

So is there any way that I can make the connection HTTPS all the time?
Below is the config file of stunnel:

sslVersion = all
options = NO_SSLv2
debug = 7
output = /usr/local/etc/stunnel/stunnel.log
chroot = /var/tmp/stunnel

setuid = nobody
setgid = nobody
pid = /

cert = /usr/local/etc/stunnel/stunnel.pem
;Some Performance Tunings

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = no
accept =
connect =
TIMEOUTclose = 0

And Haproxy HTTPS frontend config:

listen https
    mode http
    cookie JSESSIONID prefix
    balance roundrobin
    option forwardfor except
    option httpclose
    option http-server-close
    server S1 cookie server1  maxconn 5000    check
    server S2 cookie server2  maxconn 5000    check

Any help will be highly appreciated.

Best Answer

I'd suggest using nginx as a frontend/reverse proxy instead of stunnel and redirecting all traffic from http to https.

I'm not sure if stunnel can handle the http redirects.
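
The setup suggested in this answer, as an nginx configuration. This is an added example, not part of the original answer; the hostname `example.com`, the backend addresses, the certificate paths and the use of `ip_hash` for session affinity are assumptions.

```nginx
# Added example. Placeholders: example.com, 192.0.2.11/12:8080, certificate paths.
upstream tomcat_backend {
    ip_hash;                   # client-IP affinity, standing in for HAProxy's cookie-based stickiness
    server 192.0.2.11:8080;    # S1 (placeholder address)
    server 192.0.2.12:8080;    # S2 (placeholder address)
}

# Port 80: serve no content, only redirect to HTTPS.
# The target host is fixed so a forged Host header cannot steer the redirect.
server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

# Port 443: terminate TLS here and proxy to Tomcat over plain HTTP.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://tomcat_backend;

        # Pass the original host, client address and scheme to the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Rewrite absolute http:// Location headers from Tomcat
        # (such as the post-login redirect) to https://.
        proxy_redirect http:// https://;
    }
}
```

For Tomcat to build `https://` URLs itself and mark the session cookie `Secure`, set `scheme="https"`, `secure="true"` and `proxyPort="443"` on its HTTP Connector. The hop between nginx and Tomcat is still plain HTTP in this layout, so it belongs on a trusted network segment.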