It may not fix the issue. But at least the configuration will do what you expect from it...
That said, the issue may be in the application too :) It is commonly seen that applications don't behave properly when SSL offloading is enabled in front of them. Baptiste On Thu, Feb 27, 2014 at 4:16 PM, Amol <[email protected]> wrote: > Thanks Baptiste, let me give that a try > > > > On Thursday, February 27, 2014 9:37 AM, Baptiste <[email protected]> wrote: > Hi Amol, > > There are a few improvement you can do. > First update your frontend acl to: > acl host_xx hdr(host) -i xx.com > > then in your backend, this ACL should never match: "acl login_page > url_beg /xyz" > replace url_beg by path_beg. > > Your problem is not there as well. > I think your application server is sending hardcoded data or Location > headers. > analyzing the body of the pages and HAProxy logs may help here. > > Baptiste > > > > On Tue, Feb 25, 2014 at 4:56 PM, Amol <[email protected]> wrote: >> Hi i am using HA-Proxy version 1.4.12 and i have an issue trying to >> redirect >> my website to "http" >> requirement : when a user types in http://<website_name>.com he should not >> be redirected to https://<website_name>.com >> currently it does that and some of the video links on our main page do not >> work (basically vimeo has http links while our page is https so it throws >> a >> security exception) >> >> at the same time we need users with http://<website_name>.com/xyz to be >> redirected to https://<website_name>.com/xyz (this helps users login to >> secure application) >> >> so under my current configurations i cannot get the first part to work, >> basically (www.<website_name>.com works and stays http but when i type >> http://<website_name>.com it does a redirection to https) >> >> frontend http-in >> bind xx.xx.xx.xx:80 name http >> bind 10.xx.xx.xx:8000 name https # forwared by stunnel >> >> acl host_xx hdr_beg(host) -i xx.com >> use_backend xx-http if host_xx >> default_backend xx-https >> >> backend xx-http >> balance roundrobin >> cookie BALANCEID insert indirect nocache >> option http-server-close >> option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www >> server xx-app1 xx.xx.xx.xx:80 cookie A check >> server xx-app6 xx.xx.xx.xx:80 cookie B check backup >> acl secure dst_port eq 8000 >> acl login_page url_beg /xyz >> redirect prefix https://xx.com if login_page !secure >> >> backend xx-https >> mode http >> balance roundrobin >> cookie BALANCEID insert indirect nocache >> option http-server-close >> # option forwardfor except 127.0.0.1 >> option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www >> server xx-app1 xx.xx.xx.xx:80 cookie s1 weight 1 maxconn 5000 check >> server xx-app6 xx.xx.xx.xx:80 cookie s2 weight 1 maxconn 5000 check >> backup >> >> any suggestions? >> > > >
