Hi,
I have an application which is authenticated using a Keycloak server, and multiple Keycloak instances are configured as backend servers. When the application is accessed, it will be redirected to the HAProxy frontend, where SSL is enabled (a domain name is set for the HAProxy frontend IP and it is properly redirected to https://domainname:443). After logging in, I am getting a forbidden error in the application.
My requirement is that the backend servers (Keycloak instances) will be using HTTP only and not secured. So the connection between the browser and HAProxy needs to be secured. My current configuration is as follows:

    frontend haproxynode
        bind <HAPROXY_IP>:443 ssl crt /etc/ssl/abc/abc.pem
        reqadd X-Forwarded-Proto:\ https
        redirect scheme https if !{ ssl_fc }
        default_backend backendnodes

    backend backendnodes
        #option forwardfor
        balance roundrobin
        http-request set-header X-Forwarded-Port %[dst_port]
        http-request add-header X-Forwarded-Proto http if !{ ssl_fc }
        option httpchk HEAD / HTTP/1.1\r\nHost:localhost
        server nod1 KEYCLOAKIP1:PORT check cookie nod1
        server nod2 KEYCLOAKIP2:PORT check cookie nod2

Why am I getting this forbidden error? Can I fix this forbidden issue by changing the haproxy configuration?
Haproxy log:
Dec 27 12:43:18 haproxy[24145]: 192.168.11.11:44748 [27/Dec/2021:12:43:18.328] haproxynode~ backendnodes/nod1 0/0/0/1/1 200 174 - - ---- 1/1/0/0/0 0/0 "HEAD /auth/resources/l7ggq/login/abc/js/ServerDate.js?noCache=1640589198323920691 HTTP/1.1"
Dec 27 12:44:12 haproxy[24145]: 192.168.11.11:44766 [27/Dec/2021:12:44:09.164] haproxynode~ backendnodes/nod1 0/0/0/3440/3440 302 2749 - - ---- 1/1/0/0/0 0/0 "POST /auth/realms/abc/login-actions/authenticate?session_code=sGfvID_txtP6V2tJHl8YgWycYqUEpvs4Tv5DE-Rkhr0&execution=7c9ea28c-eee6-4f26-89fa-f195fbb41774&client_id=aa&tab_id=_AZNqoSRONA HTTP/1.1"
Dec 27 12:44:12 haproxy[24145]: 192.168.11.11:44776 [27/Dec/2021:12:44:12.633] haproxynode/1: SSL handshake failure
Thanks in advance.
Deeps.
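
A TLS-terminating layout matching the requirement in the post (HTTPS from browser to HAProxy, plain HTTP to the Keycloak instances), as an added example that is not part of the original post. It assumes `mode http` is set in a `defaults` section and uses a hypothetical cookie name `SERVERID`; the Keycloak-side proxy settings are not shown in the post, so this is not presented as the fix for the forbidden error.

```haproxy
# Added example; assumes "mode http" comes from a defaults section (not shown in the post).
frontend haproxynode
    bind <HAPROXY_IP>:443 ssl crt /etc/ssl/abc/abc.pem
    # Only has an effect if a cleartext bind is added; with the single
    # ssl bind above, ssl_fc is true for every request.
    http-request redirect scheme https unless { ssl_fc }
    # set-header replaces any value the client sent. reqadd and add-header
    # append, which leaves a client-supplied header in place next to yours.
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request set-header X-Forwarded-For %[src]
    default_backend backendnodes

backend backendnodes
    balance roundrobin
    # "cookie nodN" on a server line is only used when the backend declares
    # a persistence cookie. SERVERID is a hypothetical name.
    cookie SERVERID insert indirect nocache secure httponly
    option httpchk HEAD / HTTP/1.1\r\nHost:localhost
    server nod1 KEYCLOAKIP1:PORT check cookie nod1
    server nod2 KEYCLOAKIP2:PORT check cookie nod2
```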