No way it worked with Apache. SSL verification happens before HTTP can do anything.

Sent from my iPad

> On Oct 29, 2013, at 12:39 PM, "Felix Ferchland" <fe...@ferchland.org> wrote:
>
> So it’s simply impossible to redirect the request?
> I was using nginx as reverse proxy before and even Apache can do that with a
> redirection…
> I’m a little surprised that this is simply impossible and I need another SSL
> certificate.
>
> But thanks for the quick answers!
>
>
> From: Bhaskar Maddala [mailto:madda...@gmail.com]
> Sent: Tuesday, 29 October 2013 16:07
> To: David Coulson
> Cc: Felix; haproxy@formilux.org
> Subject: Re: Loadbalancing with ssl on www only
>
> Ahh, thank you
>
> -Bhaskar
>
>
> On Tue, Oct 29, 2013 at 10:56 AM, David Coulson <da...@davidcoulson.net>
> wrote:
> A wildcard cert is helpful for some things, but domain.com will not validate
> against a cert issued for *.domain.com
>
>
> On 10/29/13, 10:52 AM, Bhaskar Maddala wrote:
> If it is any help you can get a certificate for *.domain.com
>
> On Oct 28, 2013 9:37 PM, "Felix" <fe...@ferchland.org> wrote:
> Hello,
>
> I am using haproxy to loadbalance my web application but I get into a problem
> with our SSL certificate.
> haproxy is also serving the SSL certificate to the clients. This works quite
> well. We only have a certificate for www as subdomain, so all traffic hitting
> haproxy should be redirected to https://www.
> If the visitor comes from non-SSL, the domain can be rewritten without a
> problem, but if the visitor types the domain with SSL but without subdomain,
> the URL can't be rewritten before the (in this case invalid) SSL certificate
> was served by haproxy.
> Is there a way to redirect an SSL request before serving the certificate?
>
> global
>     maxconn 4096
>     daemon
>     log 128.0.0.1 local0
>
> defaults
>     log global
>     mode http
>     contimeout 5000
>     clitimeout 50000
>     srvtimeout 50000
>     option forwardfor
>     retries 3
>     option redispatch
>     option http-server-close
>
> frontend http *:80
>     mode http
>     redirect location https://www.url.com if !{ ssl_fc }
>
> frontend https
>     # reqadd X-Forwarded-Proto:\ https
>     # www Redirect
>     mode http
>     acl non-www hdr(host) url.com
>     redirect prefix https://www.url.com if non-www
>
>     bind *:443 ssl crt /crt/ssl.pem no-sslv3
>     default_backend web
>     option forwardfor
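
The name-matching point made in the thread (a certificate for www only, or for *.domain.com, does not cover domain.com, and the check runs in the TLS handshake before any redirect can be sent), as an added Python example that is not part of the original messages. The helper names `name_matches` and `uncovered` are hypothetical, the hostnames are constructed samples, and partial-label wildcards are rejected as a simplification.

```python
# Added example, not from the thread: certificate name matching in the
# style of RFC 6125. Hostnames and certificate name lists are constructed.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate DNS name (pattern) covers host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    # This is why *.domain.com (3 labels) never covers domain.com (2 labels).
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Only the left-most label may be a wildcard.
        return "*" not in p[1:] and p[1:] == h[1:]
    # Simplification (assumption): partial wildcards like w*.domain.com
    # are rejected outright.
    return "*" not in pattern and p == h


def uncovered(cert_names, requested_hosts):
    """Hosts for which the client sees a certificate error during the TLS
    handshake, i.e. before any HTTP redirect could be delivered."""
    return [host for host in requested_hosts
            if not any(name_matches(n, host) for n in cert_names)]


if __name__ == "__main__":
    hosts = ["domain.com", "www.domain.com"]
    for label, names in [
        ("www only", ["www.domain.com"]),
        ("wildcard only", ["*.domain.com"]),
        ("apex + wildcard", ["domain.com", "*.domain.com"]),
    ]:
        print(f"{label:16} fails for: {uncovered(names, hosts)}")
```

Only the last case, a certificate that lists both the bare domain and the wildcard, leaves no host uncovered.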