On 24/11/2016 16:47, "Michael Ezzell" <[email protected]> wrote: > > On Nov 23, 2016 22:21, "Jonathan Opperman" <[email protected]> wrote: > > > https://www.test.1.example.com/ --> https://www-test-1.example.com/ > > > > doesn't work in the browser, is http-request only applicable for and http > > request and hot https? > > No. The http-request directives are the same for either. The problem is that wildcard certificates simply don't work that way. The * cannot match a dot in the hostname, for wildcard certs. The browser validates the cert *before* HAProxy becomes aware of the address. > > > In curl it works, but in Chrome/Chromium it comes up with a warning > > Your connection is not private > > As the wilcard cert *.example.com does match https://www.test.1.example.com/ as > > the redrict is not working in the browser to https://www-test-1.example.com/ > > to match the wilcard cert. > > You'd have to bypass the browser's security warning, and after that, the redirect will work as expected. Sorry if I gave you the impression that you would magically be able to avoid the security warning, in the previous message, with a direct https request with the extra dots. I assumed you were aware of the limitations of wildcard certs yet wanted https requests to redirect anyway, if they did come through because the user bypassed the validation. > > The browser behavior is correct, curl is incorrect if it allows these requests. > > Not helpful, perhaps, but hopefully informative.
Very much so, thanks very much for your help, would have taken me way longer to get this working. Appreciate it very much, if you were here I would owe you a beer....a virtual beer is just not the same.
