Hello, I’m trying to set up a reverse proxy for an application that only accepts HTTPS; it does not accept HTTP, and this cannot be changed. With HAProxy, the redirection always goes to HTTP rather than HTTPS on the backend, causing a 400 Bad Request. I’ve searched the internet and haven’t found a solution. The strange thing is that I can make it work with Squid Proxy.
NOTE: I’m using pfSense as the proxy.
My haproxy.cfg:
# Process-wide settings for this HAProxy instance.
global
# Upper bound on concurrent connections for the whole process.
maxconn 1000
# Runtime API socket. `level admin` permits every runtime command to whoever can
# open the socket, so the socket file's permissions are the only access control.
# NOTE(review): the socket lives under /tmp; confirm which local users can reach it.
stats socket /tmp/haproxy.socket level admin expose-fd listeners
# Numeric user and group the process runs as.
uid 80
gid 80
nbthread 1
# Maximum time an old process may keep running after a soft stop.
hard-stop-after 15m
# Confine the process to this directory.
# NOTE(review): the chroot is under /tmp; confirm the directory is empty and not
# writable by uid 80 or by other local users.
chroot /tmp/haproxy_chroot
daemon
# File used for server state; the backend below loads it via
# `load-server-state-from-file global`.
server-state-file /tmp/haproxy_server_state
# Statistics page, bound to the loopback address only.
listen HAProxyLocalStats
bind 127.0.0.1:2200 name localstats
mode http
stats enable
# `if TRUE` enables the admin actions of the stats page unconditionally, and this
# section has no `stats auth`. The loopback bind is the only restriction visible
# here, so any local process that can connect to 127.0.0.1:2200 can use them.
stats admin if TRUE
stats show-legends
stats uri /haproxy/haproxy_stats.php?haproxystats=1
# Timeouts carry no unit suffix, so they are in milliseconds.
timeout client 5000
timeout connect 5000
timeout server 5000
# Client-facing HTTPS frontend: TLS is terminated here and requests are routed by
# Host header.
frontend FrontEnd_HTTPS
# `ssl` with `crt-list`: the certificates presented to clients come from the list file.
bind 192.168.1.14:443 name 192.168.1.14:443 ssl crt-list /var/etc/haproxy/FrontEnd_HTTPS.crt_list
mode http
log global
option http-keep-alive
timeout client 30000
# Both ACLs test txn.txnhost, which the http-request rule below fills from the
# Host header.
# acl_zkbio is a case-insensitive exact string match, so a Host header that
# carries a port (e.g. ":443") does not match it, although the regex below
# allows an optional port.
acl acl_zkbio var(txn.txnhost) -m str -i zkbio.teste.com.br
# NOTE(review): the dots in this regex are unescaped and match any character.
# This is harmless only because use_backend also requires the exact match above.
acl aclcrt_FrontEnd_HTTPS var(txn.txnhost) -m reg -i ^zkbio.teste.com.br(:([0-9]){1,5})?$
http-request set-var(txn.txnhost) hdr(host)
# Both ACLs must match (implicit AND). No default_backend is shown in this
# section, so requests for any other Host select no backend.
use_backend Backend_ZKbio_ipvANY if acl_zkbio aclcrt_FrontEnd_HTTPS
# Backend for the application server at 192.168.200.10:8098.
# No rule in this config rewrites request headers, so forwarded requests keep the
# client's Host header, while the health check below sends Host: 192.168.200.10:8098.
backend Backend_ZKbio_ipvANY
mode http
id 100
log global
# Health-check request. The Host and Accept headers are embedded in the `ver`
# argument through \r\n escapes, and no `uri` argument is given.
# NOTE(review): `http-check send` has dedicated `uri` and `hdr` arguments. Confirm
# that the request this line produces is one the application accepts, and that the
# Accept value was not altered when the config was pasted.
http-check send meth GET ver HTTP/1.1\r\nHost:\ 192.168.200.10:8098\r\nAccept:\ /
timeout connect 30000
timeout server 30000
retries 3
load-server-state-from-file global
# Enables HTTP health checks, using the request defined by `http-check send` above.
option httpchk
# `ssl`: HAProxy connects to the server over TLS, so per this line the proxied
# traffic is not sent as plain HTTP. `check inter 1000` runs a health check every
# 1000 ms.
# `verify none` disables validation of the server certificate: the hop is
# encrypted, but the backend's identity is not authenticated. Prefer
# `verify required` with a `ca-file` pointing at the CA that issued the backend
# certificate.
server zkbio 192.168.200.10:8098 id 101 ssl check inter 1000 verify none