Hello Shawn & Willy,

Thank you both for responding. I was trying to work around a problem I
am having terminating an ssl/tls connection. Neither apache nor haproxy
would handle the request as I expected. It appears that there may be a
problem with the certificates. I will keep you posted.

Thanks again, Colin.

On 16-03-29 10:47 PM, Willy Tarreau wrote:
On Tue, Mar 29, 2016 at 06:06:50PM -0600, Shawn Heisey wrote:
You can only set up a redirect on a different frontend, listening on
another port WITHOUT SSL. And to do that, I would put the redirect in
the frontend, not the backend.
Here's a slightly redacted example of what I'm saying:

frontend fe-services-80
    description Front end that accepts non-ssl requests
    bind 70.xxx.yyy.75:80
    redirect scheme https if !{ ssl_fc }
    capture request header host len 32

frontend fe-services-443
    description Front end that accepts SSL requests
    bind 70.xxx.yyy.75:443 ssl crt /etc/ssl/certs/local/services.nc.combined.pem no-sslv3 alpn http/1.1 npn http/1.1
    capture request header host len 32
    default_backend be-services-8443

Note that you can further simplify it by having a single frontend
with two "bind" lines:

frontend fe-services-80
    bind 70.xxx.yyy.75:80
    bind 70.xxx.yyy.75:443 ssl crt /etc/ssl/certs/local/services.nc.combined.pem no-sslv3 alpn http/1.1 npn http/1.1
    redirect scheme https if !{ ssl_fc }
    capture request header host len 32

Willy
--
Colin Leavett-Brown
Physics and Astronomy
University of Victoria
250-472-4085
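
The following is an added example, not part of the thread and not code from HAProxy or the posters: a small configuration check for the pattern discussed above, flagging a frontend that accepts plaintext without redirecting to https, and a combined plaintext/TLS frontend whose redirect lacks the ssl_fc guard. The sample config, frontend names, address and certificate path are constructed, and the parser assumes one directive per line.

```python
import re

# Constructed sample config (documentation address, placeholder cert path).
SAMPLE = """\
frontend fe-combined
    bind 192.0.2.10:80
    bind 192.0.2.10:443 ssl crt /etc/ssl/example.pem
    redirect scheme https if !{ ssl_fc }

frontend fe-loop
    bind 192.0.2.10:8080
    bind 192.0.2.10:8443 ssl crt /etc/ssl/example.pem
    redirect scheme https

frontend fe-plain
    bind 192.0.2.10:8000
"""

def parse_frontends(text):
    """Return {frontend name: [directive lines]} for each frontend section."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        words = line.split()
        if words[0] in ("global", "defaults", "frontend", "backend", "listen"):
            current = None                     # a new section ends the old one
            if words[0] == "frontend" and len(words) > 1:
                current = sections.setdefault(words[1], [])
        elif current is not None:
            current.append(line)
    return sections

def audit(text):
    """Map frontend name -> finding. Only checks that ssl_fc is mentioned,
    not that the condition is negated correctly (a simplification)."""
    findings = {}
    for name, lines in parse_frontends(text).items():
        binds = [l.split() for l in lines if l.startswith("bind ")]
        plain = any("ssl" not in b[2:] for b in binds)
        tls = any("ssl" in b[2:] for b in binds)
        redirects = [l for l in lines
                     if re.match(r"(http-request\s+)?redirect\s+scheme\s+https\b", l)]
        guarded = [l for l in redirects if "ssl_fc" in l]
        if plain and not redirects:
            findings[name] = "plaintext bind without redirect to https"
        elif tls and redirects and not guarded:
            findings[name] = "unguarded https redirect on a TLS bind (redirect loop)"
    return findings
```

Calling audit() on the text of a real haproxy.cfg returns an empty dict when every frontend with a plaintext bind redirects to https and every shared frontend guards the redirect with ssl_fc.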