I am perplexed as HAproxy 1.3.15.8 doesn't recognise the 'redirect' keyword. I have the following configuration file:
global log 127.0.0.1 local0 maxconn 4096 chroot /var/lib/haproxy user haproxy group haproxy daemon spread-checks 10 defaults mode http option httplog option dontlognull option logasap retries 3 option redispatch maxconn 2000 contimeout 5000 clitimeout 50000 srvtimeout 300000 stats uri /stats_haproxy stats auth admin:xxxxxxxxxxxxxxxxxxx stats scope testproxy stats scope check_hosts stats refresh 60 listen testproxy 10.0.0.220:80 cookie HACookie insert indirect balance roundrobin redirect https:// if !LOCALHOST server penquin 10.0.0.202:80 cookie penquin check inter 2000 rise 2 fall 3 weight 100 log global When starting HAproxy I get the following message: [ALERT] 090/123820 (3190) : parsing [/etc/haproxy/haproxy.cfg:32] : unknown keyword 'redirect' in 'listen' section [ALERT] 090/123820 (3190) : Error reading configuration file : /etc/haproxy/haproxy.cfg Errors in configuration file, check with haproxy check. However the documentation and multiple examples found in the net show that 'redirect' is a valid keyword. I also tried 'redir'. Removing 'if !LOCALHOST' doesn't help either (the idea is to redirect the browser to https:// if the connection doesn't come from localhost i.e. Stunnel). So what I am trying to do is to force http-connections to use SSL. I have Stunnel listening 10.0.0.220:443 and Stunnel connects to 10.0.0.220:80 (i.e. HAproxy). If I force SSL in the server, there's a loop: Firefox complains : "Redirect Loop Firefox has detected that the server is redirecting the request for this address in a way that will never complete." As I understand this is caused by the fact that the browser traffic in encrypted between the server and HAproxy. I believe it should be possible to create an ACL that checks the clients IP address. If the apparent address is 10.0.0.220, the traffic is coming through Stunnel and is encrypted. But if the IP address is not 10.0.0.220, the client connects directly to HAproxy and should be redirected to connect into Stunnel. But how? Help is greatly appreciated. Best regards, BM