On Wed, May 28, 2014 at 3:00 PM, Souda Burger <soudabur...@gmail.com> wrote:
> I have an haproxy server set up with a compiled 1.5-dev25 version of
> HaProxy.  I am needing SSL and since SSL isn't available in 1.4, I compiled
> 1.5.  I have everything working, but I noticed something peculiar and wasn't
> sure if this was expected behavior or not.  Below is my SSL haproxy.cfg file
> along with the wget that I performed against my webserver.  It appears to
> initially redirect HTTPS to HTTP which then rewrites the connection back to
> HTTPS.  Again, is this expected behavior or is something in my config
> incorrect?  Thanks!
>
> global
>     daemon
>     log 127.0.0.1 local2
>     maxconn 4096
>     user haproxy
>     group haproxy
>     chroot /var/chroot/haproxy
>
> defaults
>     log global
>     mode http
>     retries 3
>     option httplog
>     option dontlognull
>     option redispatch
>     timeout server 50000
>     timeout client 50000
>     timeout connect 5000
>
> frontend http_in
>
>   bind *:80
>   default_backend portalbackend
>
> frontend https_in
>   reqadd X-Forwarded-Proto:\ https
>   bind *:443 ssl crt /etc/haproxy/haproxy.crt
>   default_backend portalbackend
>
> backend portalbackend
>   balance leastconn
>   redirect scheme https if !{ ssl_fc }
>   option httpchk GET /login.jsp
>   option forwardfor
>   option http-server-close
>   server node1 <ip1>:8080 check inter 5000
>   server node2 <ip2>:8080 check inter 5000
>
>
>
> 07:53:18 ~$ wget https://haproxy --no-check-certificate
> --2014-05-28 07:59:55--  https://haproxy/
> Resolving haproxy... 192.168.8.213
> Connecting to haproxy|192.168.8.213|:443... connected.
> WARNING: cannot verify haproxy's certificate, issued by
> '/CN=www.exceliance.fr':
>   Self-signed certificate encountered.
>     WARNING: certificate common name 'www.exceliance.fr' doesn't match
> requested host name 'haproxy'.
> HTTP request sent, awaiting response... 302 Found
> Location: http://haproxy/login.jsp [following]
> --2014-05-28 07:59:55--  http://haproxy/login.jsp
> Connecting to haproxy|192.168.8.213|:80... connected.
> HTTP request sent, awaiting response... 302 Found
> Location: https://haproxy/login.jsp [following]
> --2014-05-28 07:59:55--  https://haproxy/login.jsp
> Reusing existing connection to haproxy:443.
> HTTP request sent, awaiting response... 200 OK
> Length: 7327 (7.2K) [text/html]
> Saving to: 'index.html.1'
>
> 100%[=====================================================================================================================>]
> 7,327       --.-K/s   in 0s
>
> 2014-05-28 07:59:55 (81.3 MB/s) - 'index.html.1' saved [7327/7327]
>


Hi Souda,

The first 302 seems to be sent by your application server, which does
not seem to take into account your "X-Forwarded-Proto" header.

Baptiste
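
The following is an added example, not code from the thread or from HAProxy: it extracts the redirect chain from the wget transcript above, flags the hop that leaves HTTPS for plain HTTP, and sketches how a backend could pick the scheme for its `Location` header from `X-Forwarded-Proto`. The function names and the trusted-proxy set are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Request and Location lines copied from the wget transcript in the question.
WGET_LOG = """\
--2014-05-28 07:59:55--  https://haproxy/
Location: http://haproxy/login.jsp [following]
--2014-05-28 07:59:55--  http://haproxy/login.jsp
Location: https://haproxy/login.jsp [following]
--2014-05-28 07:59:55--  https://haproxy/login.jsp
"""

def redirect_chain(log):
    """Return the URLs wget requested, in order."""
    return re.findall(r"^--[\d\- :]+--\s+(\S+)$", log, flags=re.M)

def downgrade_hops(chain):
    """Return (from_url, to_url) pairs where a hop leaves HTTPS for HTTP."""
    return [(a, b) for a, b in zip(chain, chain[1:])
            if urlsplit(a).scheme == "https" and urlsplit(b).scheme == "http"]

def redirect_location(headers, host, path, peer_ip, trusted_proxies):
    """Build an absolute redirect URL for a backend behind a TLS-terminating
    proxy. X-Forwarded-Proto is honoured only when the TCP peer is a known
    proxy, because any client can send that header itself.
    Assumption: header names in `headers` are already normalised."""
    scheme = "http"  # what the backend sees on its own socket (port 8080)
    if peer_ip in trusted_proxies:
        proto = headers.get("X-Forwarded-Proto", "").strip().lower()
        if proto in ("http", "https"):
            scheme = proto
    return f"{scheme}://{host}{path}"

if __name__ == "__main__":
    chain = redirect_chain(WGET_LOG)
    for src, dst in downgrade_hops(chain):
        print(f"downgrade: {src} -> {dst}")
    # 192.168.8.213 is the address the haproxy host resolves to in the transcript.
    print(redirect_location({"X-Forwarded-Proto": "https"}, "haproxy",
                            "/login.jsp", "192.168.8.213", {"192.168.8.213"}))
```

With the header honoured, the first 302 points straight at `https://haproxy/login.jsp` and the cleartext round trip through port 80 disappears.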