Hi.
Am 16.01.2019 um 16:35 schrieb mirko stefanelli:
> Hi to all,
>
> we are trying to move from Apache reverse proxy to Haproxy, you can see below
> a
> part of del file Apache httpd.conf:
>
>
> ServerName dipendenti.xxx.xxx.it
> ErrorLog logs/intranet_ssl_error_log
> TransferLog logs/intranet_ssl_access_log
> LogLevel info
> ProxyRequests Off
> ProxyPreserveHost On
> ProxyPass / http://intranet.xx.xxx/
> ProxyPassReverse / http://intranet.xxx.xxx/
> RedirectMatch ^/$ https://dipendenti.xxx.xxx.it /
>
> SSLEngine on
> SSLProxyEngine On
> SSLProtocol all -SSLv2
> SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
>
> SSLCertificateFile /etc/pki/tls/certs/STAR_xt.crt
> SSLCertificateKeyFile /etc/pki/tls/private/.pem
> SSLCertificateChainFile /etc/pki/tls/certs/STAR_xxx_ca-bundle.crt
> BrowserMatch "MSIE [2-5]" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
>
> As you can see here we use RedirectMatch to force respons in HTTPS.
>
> Here part of conf on HAproxy:
>
> in frontend part:
>
> bind *:443 ssl crt /etc/haproxy/ssl/ #here are stored each certificates
>
> acl acl_dipendenti hdr_dom(host) -i dipendenti.xxx.xxx.it
>
> use_backend dipendenti if acl_dipendenti
>
> in backend part:
>
> backend dipendenti
> log 127.0.0.1:514 local6 debug
> stick-table type ip size 20k peers mypeers
> server intranet 10.xxx.xxx.xxx:80 check
>
> When we start service we connect to https://dipendenti.xxx.xxx.it, but
> during navigation seems that haproxy respons change from HTTPS to HTTP.
>
> Can you suggests some idea in order to investigate on this behavior?
Maybe you get a startpoint on this blog post.
https://www.haproxy.com/blog/howto-write-apache-proxypass-rules-in-haproxy/
> Regards,
> Mirko.
Regards
Aleks