AW: Loadbalancing with ssl on www only

Tue, 29 Oct 2013 09:40:49 -0700 

So it's simply impossible to redirect the request?

I was using nginx as reverse proxy before and even apache can do that with a
redirection.

I'm a little surprised that this is simply impossible and i need another ssl
vertificate.

 

But thanks for the quick answers!

 

 

Von: Bhaskar Maddala [mailto:madda...@gmail.com] 
Gesendet: Dienstag, 29. Oktober 2013 16:07
An: David Coulson
Cc: Felix; haproxy@formilux.org
Betreff: Re: Loadbalancing with ssl on www only

 

Ahh, thank you

-Bhaskar

 

On Tue, Oct 29, 2013 at 10:56 AM, David Coulson <da...@davidcoulson.net
<mailto:da...@davidcoulson.net> > wrote:

A wildcard cert is helpful for some things, but domain.com
<http://domain.com>  will not validate against a cert issued for
*.domain.com <http://domain.com> 

 

On 10/29/13, 10:52 AM, Bhaskar Maddala wrote:

If it is any help you can get a certificate for *. domain.com
<http://domain.com> 

On Oct 28, 2013 9:37 PM, "Felix" <fe...@ferchland.org
<mailto:fe...@ferchland.org> > wrote:

Hello,

I am using haproxy to loadbalance my webapplication but I get into a problem
with our ssl certificate.
haproxy is also serving the ssl certificate to the clients. this works quite
well. we only have certificate for www as subdomain, so all traffic hitting
haproxy should be redirected to https://www.
if the visitor comes from non ssl the domain can be rewritten without a
problem, but if the visitor types the domain with ssl but without subdomain,
the url can't be rewritten before the (in this case invalid) ssl certificate
was served by haproxy.
is there a way to redirect an ssl request before serving the certificate?

global
   maxconn 4096
   daemon
   log 128.0.0.1 local0

defaults
   log          global
   mode         http
   contimeout   5000
   clitimeout   50000
   srvtimeout   50000
   option forwardfor
   retries 3
   option redispatch
   option http-server-close

frontend http *:80
   mode http
   redirect location https://www.url.com if !{ ssl_fc }

frontend https
   # reqadd X-Forwarded-Proto:\ https
   # www Redirect
   mode http
   acl non-www hdr(host)        url.com <http://url.com> 
   redirect prefix https://www.url.com if non-www

   bind *:443 ssl crt /crt/ssl.pem no-sslv3
   default_backend web
   option forwardfor

Reply via email to