Hello Amol Here is an example of the sort of thing I use
The 3 important things for are ServerName https://servicename.domain.com:443 SetEnv HTTPS on UseCanonicalName On <VirtualHost *:8080> ServerName https://servicename.domain.com:443 ## Vhost docroot DocumentRoot /var/www/ ## Directories, there should at least be a declaration for /var/www <Directory /var/www> Options Indexes ExecCGI AllowOverride None Order allow,deny Allow from all </Directory> ## Logging LogLevel warn ServerSignature Off ## Custom fragment #### This tricks PHP into believing the script was accessed over SSL SetEnv HTTPS on DirectoryIndex index.php UseCanonicalName On ErrorLog "|/usr/bin/cronolog --link /var/log/apache2/servicename_error.log /var/log/apache2/%Y/servicename_error-%Y%m%d.log" LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" direct LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxied SetEnvIf Remote_Addr "^" direct # make it always set SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" !direct SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" proxied SetEnvIf Request_URI "^/healthcheck$" !direct # keep these SetEnvIf Request_URI "^/healthcheck$" !proxied CustomLog "|/usr/bin/cronolog --link /var/log/apache2/servicename_directaccess /var/log/apache2/%Y/servicename_directaccess-%Y%m%d.log" direct env=direct CustomLog "|/usr/bin/cronolog --link /var/log/apache2/servicename_access /var/log/apache2/%Y/servicename_access-%Y%m%d.log" proxied env=proxied </VirtualHost> I like to log traffic from the loadbal separately to traffic from the public and I ignore /healthcheck from the loadbal but not from others. You'll need to tell haproxy to "option forwardfor". Also using cronolog. Neil On 1 March 2014 15:27, Baptiste <bed...@gmail.com> wrote: > Hi > > More chance to get an answer from Apache 2.2 and wordpress people... > > Baptiste > > On Fri, Feb 28, 2014 at 4:12 PM, Amol <mandm_z...@yahoo.com> wrote: > > well the application behind haproxy in this case is wordpress on > apache2.2, > > any settings there? > > > > > > > > > > On Friday, February 28, 2014 4:57 AM, Baptiste <bed...@gmail.com> wrote: > > It may not fix the issue. > > But at least the configuration will do what you expect from it... > > > > That said, the issue may be in the application too :) > > It is commonly seen that applications don't behave properly when SSL > > offloading is enabled in front of them. > > > > Baptiste > > > > > > On Thu, Feb 27, 2014 at 4:16 PM, Amol <mandm_z...@yahoo.com> wrote: > >> Thanks Baptiste, let me give that a try > >> > >> > >> > >> On Thursday, February 27, 2014 9:37 AM, Baptiste <bed...@gmail.com> > wrote: > >> Hi Amol, > >> > >> There are a few improvement you can do. > >> First update your frontend acl to: > >> acl host_xx hdr(host) -i xx.com > >> > >> then in your backend, this ACL should never match: "acl login_page > >> url_beg /xyz" > >> replace url_beg by path_beg. > >> > >> Your problem is not there as well. > >> I think your application server is sending hardcoded data or Location > >> headers. > >> analyzing the body of the pages and HAProxy logs may help here. > >> > >> Baptiste > >> > >> > >> > >> On Tue, Feb 25, 2014 at 4:56 PM, Amol <mandm_z...@yahoo.com> wrote: > >>> Hi i am using HA-Proxy version 1.4.12 and i have an issue trying to > >>> redirect > >>> my website to "http" > >>> requirement : when a user types in http://<website_name>.com he should > >>> not > >>> be redirected to https://<website_name>.com > >>> currently it does that and some of the video links on our main page do > >>> not > >>> work (basically vimeo has http links while our page is https so it > throws > >>> a > >>> security exception) > >>> > >>> at the same time we need users with http://<website_name>.com/xyz to > be > >>> redirected to https://<website_name>.com/xyz (this helps users login > to > >>> secure application) > >>> > >>> so under my current configurations i cannot get the first part to work, > >>> basically (www.<website_name>.com works and stays http but when i type > >>> http://<website_name>.com it does a redirection to https) > >>> > >>> frontend http-in > >>> bind xx.xx.xx.xx:80 name http > >>> bind 10.xx.xx.xx:8000 name https # forwared by stunnel > >>> > >>> acl host_xx hdr_beg(host) -i xx.com > >>> use_backend xx-http if host_xx > >>> default_backend xx-https > >>> > >>> backend xx-http > >>> balance roundrobin > >>> cookie BALANCEID insert indirect nocache > >>> option http-server-close > >>> option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www > >>> server xx-app1 xx.xx.xx.xx:80 cookie A check > >>> server xx-app6 xx.xx.xx.xx:80 cookie B check backup > >>> acl secure dst_port eq 8000 > >>> acl login_page url_beg /xyz > >>> redirect prefix https://xx.com if login_page !secure > >>> > >>> backend xx-https > >>> mode http > >>> balance roundrobin > >>> cookie BALANCEID insert indirect nocache > >>> option http-server-close > >>> # option forwardfor except 127.0.0.1 > >>> option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www > >>> server xx-app1 xx.xx.xx.xx:80 cookie s1 weight 1 maxconn 5000 > >>> check > >>> server xx-app6 xx.xx.xx.xx:80 cookie s2 weight 1 maxconn 5000 > >>> check > >>> backup > >>> > >>> any suggestions? > >>> > >> > >> > >> > > > > > > > >
