Hi. Am 16.01.2019 um 16:35 schrieb mirko stefanelli: > Hi to all, > > we are trying to move from Apache reverse proxy to Haproxy, you can see below > a > part of del file Apache httpd.conf: > > <VirtualHost *:443> > ServerName dipendenti.xxxxxxx.xxxxxxx.it > ErrorLog logs/intranet_ssl_error_log > TransferLog logs/intranet_ssl_access_log > LogLevel info > ProxyRequests Off > ProxyPreserveHost On > ProxyPass / http://intranet.xxxxxx.xxx/ > ProxyPassReverse / http://intranet.xxxxxxx.xxx/ > RedirectMatch ^/$ https://dipendenti.xxxxxxx.xxxxxxx.it / > > SSLEngine on > SSLProxyEngine On > SSLProtocol all -SSLv2 > SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 > > SSLCertificateFile /etc/pki/tls/certs/STAR_xxxxxxxxxxxxxxxxxt.crt > SSLCertificateKeyFile /etc/pki/tls/private/xxxxxxxxxxxxxxxx.pem > SSLCertificateChainFile /etc/pki/tls/certs/STAR_xxxxxxxxxxx_ca-bundle.crt > BrowserMatch "MSIE [2-5]" \ > nokeepalive ssl-unclean-shutdown \ > downgrade-1.0 force-response-1.0 > </VirtualHost> > > As you can see here we use RedirectMatch to force respons in HTTPS. > > Here part of conf on HAproxy: > > in frontend part: > > bind *:443 ssl crt /etc/haproxy/ssl/ #here are stored each certificates > > acl acl_dipendenti hdr_dom(host) -i dipendenti.xxxxxxx.xxxxxxx.it > > use_backend dipendenti if acl_dipendenti > > in backend part: > > backend dipendenti > log 127.0.0.1:514 local6 debug > stick-table type ip size 20k peers mypeers > server intranet 10.xxx.xxx.xxx:80 check > > When we start service we connect to https://dipendenti.xxxxxxx.xxxxxxx.it, but > during navigation seems that haproxy respons change from HTTPS to HTTP. > > Can you suggests some idea in order to investigate on this behavior?
Maybe you get a startpoint on this blog post. https://www.haproxy.com/blog/howto-write-apache-proxypass-rules-in-haproxy/ > Regards, > Mirko. Regards Aleks
