If it is any help you can get a certificate for *.domain.com

On Oct 28, 2013 9:37 PM, "Felix" <fe...@ferchland.org> wrote:
> Hello,
>
> I am using haproxy to loadbalance my webapplication but I get into a problem
> with our ssl certificate.
> haproxy is also serving the ssl certificate to the clients. this works quite
> well. we only have certificate for www as subdomain, so all traffic hitting
> haproxy should be redirected to https://www.
> if the visitor comes from non ssl the domain can be rewritten without a
> problem, but if the visitor types the domain with ssl but without subdomain,
> the url can't be rewritten before the (in this case invalid) ssl certificate
> was served by haproxy.
> is there a way to redirect an ssl request before serving the certificate?
>
> global
>     maxconn 4096
>     daemon
>     log 128.0.0.1 local0
>
> defaults
>     log global
>     mode http
>     contimeout 5000
>     clitimeout 50000
>     srvtimeout 50000
>     option forwardfor
>     retries 3
>     option redispatch
>     option http-server-close
>
> frontend http *:80
>     mode http
>     redirect location https://www.url.com if !{ ssl_fc }
>
> frontend https
>     # reqadd X-Forwarded-Proto:\ https
>     # www Redirect
>     mode http
>     acl non-www hdr(host) url.com
>     redirect prefix https://www.url.com if non-www
>
>     bind *:443 ssl crt /crt/ssl.pem no-sslv3
>     default_backend web
>     option forwardfor
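
Added example (not part of either message): the certificate is presented during the TLS handshake, before HAProxy sees any HTTP request it could redirect, so every hostname that reaches the `bind *:443` line has to be covered by a name in the certificate. This Python sketch checks subjectAltName DNS entries against the two hostnames from the question using the single-label wildcard rule of RFC 6125. The certificate name lists and all function names are constructed for illustration.

```python
"""Which hostnames does a certificate's subjectAltName list cover?"""


def name_matches(pattern: str, host: str) -> bool:
    """Match one SAN dNSName against one hostname (RFC 6125 wildcard rule)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    # This is why "*.url.com" never matches the bare "url.com".
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Conservative policy: wildcard must be the whole left-most label
        # and be followed by at least two labels (rejects "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def covers(san_names, host):
    """True if any SAN entry is valid for host."""
    return any(name_matches(n, host) for n in san_names)


def uncovered(san_names, hosts):
    """Hostnames that would trigger a browser certificate warning."""
    return [x for x in hosts if not covers(san_names, x)]


# Hostnames from the question that resolve to the HAProxy listener.
HOSTS = ["url.com", "www.url.com"]

# Constructed SAN lists for illustration (not taken from a real certificate).
CERTS = {
    "www only": ["www.url.com"],
    "wildcard only": ["*.url.com"],
    "wildcard + apex": ["*.url.com", "url.com"],
    "www + apex": ["www.url.com", "url.com"],
}


def report():
    """Map each certificate label to the hostnames it leaves uncovered."""
    return {label: uncovered(names, HOSTS) for label, names in CERTS.items()}


if __name__ == "__main__":
    for label, missing in report().items():
        print(f"{label:16} uncovered: {missing or 'none'}")
```

With a certificate that leaves no hostname uncovered, the handshake for `https://url.com` succeeds and the existing `redirect prefix https://www.url.com if non-www` rule can then run.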