Hi,
I'm experimenting with the SSL capabilities of haproxy and I'm wondering
if there is a way to detect if the client connected using SSL?
The background is that I have two frontends one for SSL and one for
regular http. In the SSL frontend I forward the requests to the http
frontend via send-proxy. This part works well.
The problem I have happens when I want to redirect non-SSL requests to SSL.
The common way seems to be to put this in the http frontend:
redirect scheme https if !{ ssl_fc }
However since ALL requests arriving there are regular http requests
(either received via port 80 or accept-proxy) this obviously ends in a
redirect loop since ssl_fc only checks if the request received by the
current frontend is a SSL one and not if the original request is.
What seems to work is this:
redirect scheme https if { dst_port eq 80 }
This works around the problem but now I have to make sure that the port
I check here matches the port in the bind statement.
A cleaner way would be if I could check if the original request is a SSL
one or not. Is this possible somehow?
Regards,
Dennis
