Hi Lucas,

Thanks for taking the time to respond.

It might help to explain further how the environment is set up.

The data flow goes:

User -> Internet -> Cloud Firewall -> Cloud SLB -> DMZ Web Agent ->  - HAPROXY -> Liferay Application

The SSL termination is done at the Cloud SLB end, the traffic is then sent onto 
the Web Agent and then onto HAPROXY and then out to the application.

This mostly works fine, but for some of these functional elements we get this 
problem: when we click on some of the sub menus in the application, it fails 
to load, and the analyzer shows that the user is trying to access the resource 
using http instead of https. There is no SSL termination performed by HAPROXY, 
as the traffic is being passed via our SLB Cloud.
 
This is my current configuration:

global

    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend http-openfire
    bind *:7070
    default_backend openfire

backend openfire
    balance     roundrobin
    server   :7070 check
    server   :7070 check

frontend http-uapi
    bind *:7080
    default_backend uapi

backend uapi
    balance     roundrobin
    server   :7080 check
    server   :7080 check

frontend http-sec
    bind *:8080
    default_backend sec

backend sec
    balance     roundrobin
    server   :8080 check
    server   :8080 check

frontend http-wall
    bind *:9080
    default_backend wall

backend wall
    balance     roundrobin
    server   :9080 check
    server   :9080 check

frontend http-xmpp
    bind *:9090
    default_backend xmpp

backend xmpp
    balance     roundrobin
    server   :9090 check
    server   :9090 check

frontend http-aim
    bind *:10080
    default_backend aim

backend aim
    balance     roundrobin
    server   :10080 check
    server   :10080 check

frontend http-servicedesk
    bind *:8081
    default_backend servicedesk

backend servicedesk
    balance     roundrobin
    server   :8081 check
    server   :8081 check

listen stats :1936
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats auth haproxy:

The bit that I am trying to work out concerns the 'backend servicedesk' and how 
I can make HAPROXY take the http request from the application and turn it into 
an https request. Does this mean I have to install something like STUNNEL and 
the certificate on the HAPROXY server in order for it to be https?

What I tried was:

frontend unsecured *:80  
    redirect location https:// - this is resolvable via a hosts file entry to the app1 server.

frontend  secured *:443  
   mode  http   
   default_backend      httpsapp

backend httpsapp  
    mode  http  
    balance roundrobin  
    server  app1 :8081 check  
    server  app2 :8081 check

But that doesn't seem to affect the outcome of the request.

I'm probably being stupid and not understanding what I need to cater for.

Thanks again.

Jon

---
posted at http://www.serverphorums.com
http://www.serverphorums.com/read.php?10,690173,690196#msg-690196
