Hello HAProxy Community,
I am trying to configure HAProxy to act as a forward proxy for both HTTP and HTTPS requests. My current configuration works fine when forwarding HTTP requests, but I’m encountering issues when trying to forward HTTPS requests. Below is my configuration:
config: |
global
log stdout format raw local0 debug
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon
maxconn 2000
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
frontend http-in
bind *:80
bind *:443 ssl crt /etc/haproxy/certs/uat.domain.pem alpn h2,http/1.1
mode http
option httplog
option forwardfor except 127.0.0.1
redirect scheme https code 301 if !{ ssl_fc }
default_backend https-backend
backend https-backend
mode http
option httpchk GET /health
server google google.com:443 ssl verify none
When I use curl to forward an HTTP request through HAProxy, it works fine:
$ curl -x https://haproxy.domain.com http://www.google.com -- this works fine
However, when forwarding an HTTPS request, I receive an error:
$ curl -x https://haproxy.domain.com https://www.google.com
curl: (56) Proxy CONNECT aborted
I suspect the issue is related to how HAProxy handles the CONNECT method for HTTPS forwarding, but I’m not entirely sure how to configure it correctly for HTTPS requests.
Could anyone help me identify what might be wrong with my configuration, or point me in the right direction on how to properly configure HAProxy as a forward proxy for HTTPS APIs?
Any guidance would be greatly appreciated!
Thank you!