Hi,
Le 15/01/2015 03:59, RAKESH P B a écrit :
Hi Cyrill,
Thanks for the update.
In Application side we are not using any SSL offloading. I have tested
with pound (for ssl termination) & haproxy (for load balancing)
combination and issue got resolved.
I guess you have RewriteLocation > 0 in your pound configuration (the
default is 1), this will explain why you see a difference.
But if i tried with haproxy only ,
then getting the issue. I think there is some configuration changes need
to made with haproxy to support application side URL redirect. Please
find the status codes details. Please help me.
This is really not the job of the reverse proxy to decide by itself to
change the protocol in the redirects (it can add very bad side effects)
but in your case, if you're sure that there won't be any valid http
redirect, you can rewrite the headers sent in the response.
For example with :
http-response replace-header Location ^http://(.*) https://\1
1.
haproxy (only)
https://www.example.com/search/quotes? : 302
Here you'll have
Location: http://www.example.com/search/quotes?
catched by the rule given previously, rewriting the header to :
Location: https://www.example.com/search/quotes?
http://www.example.com/search/quotes? : 301
This step won't happen anymore.
https://www.example.com/search/quotes? : 200
2.
Pound (termination ) & haproxy ( loadbalancing)
https://www.example.com/search/quotes? : 302
https://www.example.com/search/quotes? : 200
3.
On Tue, Jan 13, 2015 at 5:49 PM, RAKESH P B <[email protected]
<mailto:[email protected]>> wrote:
Hi Cyrill,
Thanks for the update. I'll check with my developer and let you
know how the way SSL offloading support in Application side.
On Tue, Jan 13, 2015 at 3:14 AM, Cyril Bonté <[email protected]
<mailto:[email protected]>> wrote:
Hi,
Le 12/01/2015 22:27, RAKESH P B a écrit :
Hi All,
Can I have an update on this.
From what you describe and your configuration, this is not
haproxy related but you should take a look on the application or
on the server itself. But we can't tell you more, you didn't
provide any information on them.
By adding a X-Forwarded-Proto header, your server/application
must take it into account. And this is where there is no standard.
For example :
- some applications require X-Forwarded-Proto: https
- some others require that the server set an environment
variables, and depending on the component, it can have different
names/values, some are case sensitive, some others not
(HTTPS=on, HTTPS=On, ...)
- apache redirects will use a special syntax on ServerName with
a https:// prefix, ...
As you see, it depends on what the developers thought at the
time they included SSL Offloading support.
On Sun, Jan 11, 2015 at 6:56 PM, RAKESH P B
<[email protected] <mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>__> wrote:
Please find updated configuration file.
On Sun, Jan 11, 2015 at 6:53 PM, RAKESH P B
<[email protected] <mailto:[email protected]>
<mailto:[email protected]
<mailto:[email protected]>>__> wrote:
Hi Lukas,
Thanks you for the quick response. Please find the
attached
Haproxy configuration.
On Sun, Jan 11, 2015 at 5:21 PM, Lukas Tribus
<[email protected] <mailto:[email protected]>
<mailto:[email protected] <mailto:[email protected]>>>
wrote:
> Hi Team,
>
> I have an issue Haproxy SSL redirection.
Whenever any request is
> redirected from HAproxy , then two redirected
request is send, one is
> with http and other with https while URL for
both request is same.
> For example,
> when the URL is redirected
tohttps://www.example.com/to/__path
<http://www.example.com/to/path>? , then
> these two request are send
>http://www.example.com/path1/__path2/path3
<http://www.example.com/path1/path2/path3>?
>https://www.example.com/__path1/path2/path3
<https://www.example.com/path1/path2/path3>?
Can you share the config?
Lukas
--
Cyril Bonté
--
Cyril Bonté
