Thanks Cyrill. Issue got resolved. On Thu, Jan 15, 2015 at 1:26 PM, Cyril Bonté <[email protected]> wrote:
> Hi, > > Le 15/01/2015 03:59, RAKESH P B a écrit : > >> Hi Cyrill, >> >> Thanks for the update. >> >> In Application side we are not using any SSL offloading. I have tested >> with pound (for ssl termination) & haproxy (for load balancing) >> combination and issue got resolved. >> > > I guess you have RewriteLocation > 0 in your pound configuration (the > default is 1), this will explain why you see a difference. > > But if i tried with haproxy only , >> then getting the issue. I think there is some configuration changes need >> to made with haproxy to support application side URL redirect. Please >> find the status codes details. Please help me. >> > > This is really not the job of the reverse proxy to decide by itself to > change the protocol in the redirects (it can add very bad side effects) but > in your case, if you're sure that there won't be any valid http redirect, > you can rewrite the headers sent in the response. > For example with : > http-response replace-header Location ^http://(.*) https://\1 > > 1. >> >> haproxy (only) >> >> https://www.example.com/search/quotes? : 302 >> > > Here you'll have > Location: http://www.example.com/search/quotes? > catched by the rule given previously, rewriting the header to : > Location: https://www.example.com/search/quotes? > > http://www.example.com/search/quotes? : 301 >> > > This step won't happen anymore. > > https://www.example.com/search/quotes? : 200 >> >> 2. >> >> Pound (termination ) & haproxy ( loadbalancing) >> https://www.example.com/search/quotes? : 302 >> https://www.example.com/search/quotes? : 200 >> >> 3. >> >> >> On Tue, Jan 13, 2015 at 5:49 PM, RAKESH P B <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi Cyrill, >> >> Thanks for the update. I'll check with my developer and let you >> know how the way SSL offloading support in Application side. >> >> On Tue, Jan 13, 2015 at 3:14 AM, Cyril Bonté <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi, >> >> Le 12/01/2015 22:27, RAKESH P B a écrit : >> >> Hi All, >> >> Can I have an update on this. >> >> >> From what you describe and your configuration, this is not >> haproxy related but you should take a look on the application or >> on the server itself. But we can't tell you more, you didn't >> provide any information on them. >> >> By adding a X-Forwarded-Proto header, your server/application >> must take it into account. And this is where there is no standard. >> For example : >> - some applications require X-Forwarded-Proto: https >> - some others require that the server set an environment >> variables, and depending on the component, it can have different >> names/values, some are case sensitive, some others not >> (HTTPS=on, HTTPS=On, ...) >> - apache redirects will use a special syntax on ServerName with >> a https:// prefix, ... >> >> As you see, it depends on what the developers thought at the >> time they included SSL Offloading support. >> >> >> On Sun, Jan 11, 2015 at 6:56 PM, RAKESH P B >> <[email protected] <mailto:[email protected]> >> <mailto:[email protected] >> <mailto:[email protected]>>__> wrote: >> >> Please find updated configuration file. >> >> On Sun, Jan 11, 2015 at 6:53 PM, RAKESH P B >> <[email protected] <mailto:[email protected]> >> <mailto:[email protected] >> <mailto:[email protected]>>__> wrote: >> >> Hi Lukas, >> >> Thanks you for the quick response. Please find the >> attached >> Haproxy configuration. >> >> On Sun, Jan 11, 2015 at 5:21 PM, Lukas Tribus >> <[email protected] <mailto:[email protected]> >> <mailto:[email protected] <mailto:[email protected]>>> >> wrote: >> >> > Hi Team, >> > >> > I have an issue Haproxy SSL redirection. >> Whenever any request is >> > redirected from HAproxy , then two redirected >> request is send, one is >> > with http and other with https while URL for >> both request is same. >> > For example, >> > when the URL is redirected >> tohttps://www.example.com/to/__path >> <http://www.example.com/to/path>? , then >> > these two request are send >> >http://www.example.com/path1/__path2/path3 >> <http://www.example.com/path1/path2/path3>? >> >https://www.example.com/__path1/path2/path3 >> <https://www.example.com/path1/path2/path3>? >> >> Can you share the config? >> >> >> Lukas >> >> >> >> >> >> >> -- >> Cyril Bonté >> >> >> >> > > -- > Cyril Bonté >
