what version of haproxy is this in, will it work for 1.4 variants or only 1.5 onwards?
________________________________ From: Baptiste <[email protected]> To: Wolfgang Grim <[email protected]> Cc: "[email protected]" <[email protected]> Sent: Tuesday, August 6, 2013 4:14 AM Subject: Re: Force HTTPS with https backend Hi Wolfgand, First, turn the mode to http, otherwise header insertion can't work. To fix your issue, simply append a the "ssl" keyword on the server line description. Baptiste On Tue, Aug 6, 2013 at 8:14 AM, Wolfgang Grim <[email protected]> wrote: > Hi everybody, > > > > just started to use haproxy. > > > > What I want to achieve is to have a primary server and a secondary which > acts as backup server. All traffic should be forced to be encrypted. As long > as the backend connection is established via HTTP it works, when I change to > the following config, I am also able to connect via HTTP. > > > > global > > #log 127.0.0.1 local0 > > log 127.0.0.1 local1 notice > > #log loghost local0 info > > maxconn 4096 > > #chroot /usr/share/haproxy > > user haproxy > > group haproxy > > daemon > > #debug > > #quiet > > > > defaults > > log global option dontlognull > > retries 3 > > option redispatch > > maxconn 2000 > > contimeout 5000 > > clitimeout 50000 > > srvtimeout 50000 > > > > frontend https_frontend > > > > bind :80 > > redirect scheme https if !{ ssl_fc } > > > > bind *:443 ssl crt /etc/haproxy/haproxy.pem > > mode tcp > > #option httpchk HEAD / HTTP/1.0 > > reqadd X-Forwarded-Proto:\ https > > default_backend web_server > > > > backend web_server > > mode tcp > > balance roundrobin > > stick-table type ip size 200k expire 30m > > stick on src > > default-server inter 1s > > server webServerA 195.202.164.227:443 check inter 5000 downinter 500 > > server webServerB 213.235.220.170:443 check inter 5000 backup > > > > > > Best regards, > > Wolfgang Grim > >
