On Mon, Jul 7, 2014 at 3:48 AM, Dennis Jacobfeuerborn
<[email protected]> wrote:
> Hi,
> I'm experimenting with the SSL capabilities of haproxy and I'm wondering
> if there is a way to detect if the client connected using SSL?
>
> The background is that I have two frontends, one for SSL and one for
> regular http. In the SSL frontend I forward the requests to the http
> frontend via send-proxy. This part works well.
> The problem I have happens when I want to redirect non-SSL requests to SSL.
> The common way seems to be to put this in the http frontend:
> redirect scheme https if !{ ssl_fc }
>
> However, since ALL requests arriving there are regular http requests
> (either received via port 80 or accept-proxy) this obviously ends in a
> redirect loop since ssl_fc only checks if the request received by the
> current frontend is an SSL one and not if the original request is.
>
> What seems to work is this:
> redirect scheme https if { dst_port eq 80 }
>
> This works around the problem but now I have to make sure that the port
> I check here matches the port in the bind statement.
> A cleaner way would be if I could check if the original request is an SSL
> one or not. Is this possible somehow?
>
> Regards,
>   Dennis
>


Hi Dennis,

You should not point your SSL frontend to your clear one.
Just use the clear one with a simple redirect rule to the SSL one and make
the SSL one point to your backend.
And you're done.

Baptiste
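
The layout described in the reply above, written out as an added example that is not part of the original thread: the clear-text frontend only redirects, and the SSL frontend talks to the backend directly, so no `ssl_fc` or `dst_port` test is needed and no loop can form. The section names, certificate path and server address are placeholders chosen for illustration.

```haproxy
# Added example, not from the original thread.
# Names, certificate path and server address are illustrative placeholders.

# Clear-text frontend: everything arriving here is plain HTTP by
# construction, so the redirect is unconditional.
frontend fe_http
    mode http
    bind :80
    redirect scheme https code 301

# SSL frontend: terminates TLS and forwards straight to the backend
# instead of chaining into fe_http via send-proxy.
frontend fe_https
    mode http
    bind :443 ssl crt /etc/haproxy/certs/site.pem
    # Tell the application the original request was HTTPS.
    http-request set-header X-Forwarded-Proto https
    default_backend be_app

backend be_app
    mode http
    server app1 192.0.2.10:8080 check
```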
