Hello, I'm seeing weird behaviors forwarding on traffic coming in over HTTPS
and was hoping someone could provide a solution. I believe I have SSL set up
properly for HAProxy 1.5, but this is the first time I'm using it with SNI for
multiple domain support. I'm also not sure where my logs are on this server.
Here's a summary of the behavior after connecting with the back-end web servers:
• http domain.com - The browser displays the domain properly.
• http www.domain.com - The browser displays the domain properly. I'm guessing
this works because it matches "domain.com".
• https domain.com - The browser spreads out the page layout vertically and
starts with a vertical list of URLs in text form instead of a horizontal list
in graphical form with pop-up menus. I suspect this may be an issue with the
web server configuration and/or the code.
• https www.domain.com - I'm getting redirected to our secure "order" page
instead of our "main" website page and I'm not sure why.
Here's the much-shortened code to help you focus on what I think is relevant:
global
    log /dev/log local0
    log /dev/log local1 notice

defaults
    log global
    mode http
    option httplog
    option forwardfor
    option http-server-close
    option log-health-checks
    option log-separate-errors

frontend http_in
    bind :80
    acl domain.com hdr_dom(host) -i domain.com
    use_backend domain.com if domain.com
    default_backend web

frontend https_in
    bind :443 ssl crt /etc/ssl/WILDCARD.domain.com.chain.pem
    use_backend domain.com if { ssl_fc_sni domain.com }
    use_backend domain.com if { ssl_fc_sni www.domain.com }
    default_backend web

backend domain.com
    timeout server 600000
    balance roundrobin
    stick-table type ip size 200k expire 30s store conn_cur peers haproxypeers
    http-request add-header X-Forwarded-Proto https if { ssl_fc }
    server MKTWebMainPro1 172.16.0.161:80 check
    server MKTWebMainPro2 172.16.0.8:80 check

backend web
    timeout server 600000
    server TECWebOrderPro1 172.16.0.188:80 check

Thanks,
Brian