On 02/10/2014 03:58 μμ, Willy Tarreau wrote: > On Wed, Oct 01, 2014 at 11:42:13PM +0200, Lukas Tribus wrote: >> Hi Alexander, >> >> >>> Is it possible to bind both HTTP and HTTPS on the same port with haproxy. >>> Something like this: >>> >>> frontend data-in >>> mode http >>> bind 0.0.0.0:8080 >>> crt if ssl /path/to/crt >>> >>> Obviously above doesn't work. Is there something similar? >> >> There may be something, but you will have to put the frontend in TCP mode, >> and >> hairpin the connection to the correct frontend. >> >> Try looking up some haproxy+ssh+https+same+port blog posts on Google, >> that should point you in the right direction. > > Absolutely. We've not implemented anything to switch the protocol handler > depending on the traffic. This is something which could now be possible > given that the protocols are much more dynamic than what they used to be, > but we'd still have to define how we want to make this behaviour configurable, > and ensure it's not enabled by default. I'm thinking that the only use for > this would be to return a hard coded error page indicating that HTTP was > sent over an HTTPS port, but I could be wrong. > > Willy > >
I believe this is what NGINX does: telnet 127.0.0.1 443 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. GET / HTTP/1.1 Host: foo HTTP/1.1 400 Bad Request Server: nginx Date: Thu, 02 Oct 2014 15:09:05 GMT Content-Type: text/html Content-Length: 264 Connection: close <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body bgcolor="white"> <center><h1>400 Bad Request</h1></center> <center>The plain HTTP request was sent to HTTPS port</center> <hr><center>nginx</center> </body> </html> Connection closed by foreign host. Cheers, Pavlos
signature.asc
Description: OpenPGP digital signature
