Re: Loadbalancing with ssl on www only

2013-10-29 Thread Bhaskar Maddala
If it is any help you can get a certificate for *.domain.com

On Oct 28, 2013 9:37 PM, Felix fe...@ferchland.org wrote:

 Hello,

 I am using haproxy to load balance my web application but I get into a
 problem with our SSL certificate.
 haproxy is also serving the SSL certificate to the clients. This works quite
 well. We only have a certificate for www as subdomain, so all traffic hitting
 haproxy should be redirected to https://www.
 If the visitor comes from non-SSL the domain can be rewritten without a
 problem, but if the visitor types the domain with SSL but without subdomain,
 the URL can't be rewritten before the (in this case invalid) SSL certificate
 was served by haproxy.
 Is there a way to redirect an SSL request before serving the certificate?

 global
    maxconn 4096
    daemon
    log 128.0.0.1 local0

 defaults
    log  global
    mode http
    contimeout   5000
    clitimeout   5
    srvtimeout   5
    option forwardfor
    retries 3
    option redispatch
    option http-server-close

 frontend http *:80
    mode http
    redirect location https://www.url.com if !{ ssl_fc }

 frontend https
    # reqadd X-Forwarded-Proto:\ https
    # www Redirect
    mode http
    acl non-www hdr(host) url.com
    redirect prefix https://www.url.com if non-www

    bind *:443 ssl crt /crt/ssl.pem no-sslv3
    default_backend web
    option forwardfor






Re: Loadbalancing with ssl on www only

2013-10-29 Thread David Coulson
A wildcard cert is helpful for some things, but domain.com will not 
validate against a cert issued for *.domain.com


Re: Loadbalancing with ssl on www only

2013-10-29 Thread Bhaskar Maddala
Ahh, thank you

-Bhaskar


Re: Loadbalancing with ssl on www only

2013-10-28 Thread David Coulson
No. You need to get a cert with both www.domain.com and domain.com in it so 
both are valid in a browser. 

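
The two replies above (a wildcard for *.domain.com does not cover domain.com, and the certificate must carry both names) can be checked with a small model of the name check a browser runs during the TLS handshake, before haproxy ever sees the Host header. This is an added example, not part of the original thread; the SAN lists are constructed, the function names are hypothetical, and the matching is a simplified form of the RFC 6125 rules (whole-label wildcard only).

```python
# Added example: simplified certificate name matching (RFC 6125 style).
# The SAN lists below are constructed; url.com is the thread's placeholder domain.

def name_matches(pattern: str, host: str) -> bool:
    """Return True if one certificate dNSName covers the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must agree.
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com"; compare the rest exactly.
        return len(p) >= 3 and p[1:] == h[1:]
    # Partial wildcards ("w*.url.com") are rejected in this simplified model.
    return "*" not in pattern and p == h

def cert_valid_for(sans, host: str) -> bool:
    """True if any subjectAltName entry covers the host."""
    return any(name_matches(name, host) for name in sans)

def visit(host: str, sans) -> str:
    """What a visitor to https://<host>/ gets from the https frontend."""
    # The name check happens in the handshake; the HTTP redirect rule
    # (acl non-www ... redirect prefix) only runs after it has passed.
    if not cert_valid_for(sans, host):
        return "certificate warning"
    if host == "url.com":
        return "redirect to https://www.url.com"
    return "page served"

WWW_ONLY = ["www.url.com"]             # the certificate Felix has
WILDCARD = ["*.url.com"]               # the first suggestion in the thread
BOTH     = ["www.url.com", "url.com"]  # the certificate David recommends

def outcomes(sans):
    """Result for the apex and the www host under a given certificate."""
    return {h: visit(h, sans) for h in ("url.com", "www.url.com")}

if __name__ == "__main__":
    for label, sans in (("www only", WWW_ONLY), ("wildcard", WILDCARD), ("both", BOTH)):
        print(label, outcomes(sans))
```

Only the certificate listing both names lets the existing non-www redirect in the https frontend take effect without a browser warning.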