I have the following haproxy configuration:
global
daemon
maxconn 2048
tune.ssl.default-dh-param 1024
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend keystone_public
bind beaver.heprc.uvic.ca:15000 ssl crt
/etc/pki/tls/private/web_crt_key.pem
reqadd X-Forwarded-Proto:\ https
default_backend keystone_internal
backend keystone_internal
redirect scheme https code 301 if !{ ssl_fc }
server beaver beaver:5000 check
A request to "https://beaver.heprc.uvic.ca:15000"; returns the expected
result:
root@chimpanzee:/home/uvic# curl -k https://beaver.heprc.uvic.ca:15000
{"versions": {"values": [{"status": "stable", "updated":
"2015-03-30T00:00:00Z", "media-types": [{"base": "application/json",
"type": "application/vnd.openstack.identity-v3+json"}], "id":
"v3.4", "links": [{"href": "http://beaver.heprc.uvic.ca:15000/v3/";,
"rel": "self"}]}, {"status": "stable", "updated":
"2014-04-17T00:00:00Z", "media-types": [{"base": "application/json",
"type": "application/vnd.openstack.identity-v2.0+json"}], "id":
"v2.0", "links": [{"href":
"http://beaver.heprc.uvic.ca:15000/v2.0/";, "rel": "self"}, {"href":
"http://docs.openstack.org/";, "type": "text/html", "rel":
"describedby"}]}]}}root@chimpanzee:/home/uvic#
However, a request using the wrong scheme gives the following:
root@chimpanzee:/home/uvic# curl beaver.heprc.uvic.ca:15000
curl: (52) Empty reply from server
root@chimpanzee:/home/uvic# curl http://beaver.heprc.uvic.ca:15000
curl: (52) Empty reply from server
root@chimpanzee:/home/uvic#
The version is 1.6.4. How do I get a proper permanent redirect from haproxy?
Regards, Colin.
