This is the basic configuration I am using for SSL termination in HAProxy (ports 80/443):
frontend ALL
bind 192.168.200.129:80
bind 192.168.200.129:443 ssl crt /etc/haproxy/cert/mydomain.pem
option http-server-close
option forwardfor
http-response set-header Connection "Keep-Alive"
http-response set-header Keep-Alive "timeout=5, max=100"
http-response set-header Strict-Transport-Security "max-age=31536000"
redirect scheme https code 301 if !{ ssl_fc }
acl mydomain_secure hdr_sub(host) -i mydomain.tld
use_backend mydomain if mydomain_secure
backend mydomain
server server 192.168.200.129:8080 check
http-request add-header Ssl-Offloaded on
I am using Apache (port 8080) as a webserver behind HAProxy. In .htaccess I have the following statements that set environment variables used by a PHP script:
SetEnvIf Ssl-Offloaded on HTTPS=on
SetEnvIf X-Forwarded-For "^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).*" HTTP_X_REAL_IP=$1
Ssl-Offloaded is set in haproxy.cfg to value on. Based on this value I am able to set HTTPS to value on which tells to the PHP script that SSL is active, the I create a new variable X-REAL-IP which is used in Apache Logs and also in PHP script (X-Forwareded-For is used also that’s why I needed two variables).
Now, I would like to set these environment variables in HAProxy not in .htaccess. So far I tried this:
backend mydomain
server server 192.168.200.129:8080 check
http-request add-header Ssl-Offloaded on
http-request add-header HTTPS on
http-request add-header X-REAL-IP %[src]
without any luck. After doing this change in browser I am getting ERR_TOO_MANY_REDIRECTS.
Is it possible to achieve this in HAProxy or should I leave the configuration as before in .htaccess? Thank you.