On the app by opening a link I’ll get 302 response with redirect link to http. I need to redirect that to https, how get this?
I have tried to add “http-request redirect scheme https unless { ssl_fc }” to both backend and frontend.
Shouldn’t the redirect do the trick?
I can see the location field on the response is to http. But overwriting it with custom rule feels like a bit hackish way.
Hi, why add this to the backend? You only need a port 80 frontend that does the redirect for you. This might be your ssl-frontend with second bind on port 80 or just another frontend.
But http-request redirect scheme https code 301 unless { ssl_fc }
should do the trick.
Do you use X-Forwarded-For header
on the frontend?
Thanks for your clarifying response. I got this fixed by editing the response header location from http to https on backend.
In case someone is looking for this:
http-response replace-value Location ^http://(.*)$ https://\1
Sure, but this is more of a workaround than a really good solution.
Have you tried passing X-Forwarded-Proto: https
before modifiing the response?
Depending on the app it might help passing
Front-End-Https: on
X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-Url-Scheme: https
to it instead.
Well, it feels a bit like a workaround. But that is only solution that is only one I got working for header location from http to https.
Tried to add these headers on frontend, but I didint got the locatin header https:
http-request add-header X-Forwarded-Proto https
http-request add-header Front-End-Https on
http-request add-header X-Forwarded-Ssl on
http-request add-header X-Url-Scheme https
http-request add-header X-Forwarded-Protocol https
We have anglular+springboot applications running behind nginx and haproxy works as reverse proxy / apigateway for these applications.
You might need
server.use-forward-headers=true
in the application.properties of spring boot.
You are probably on right about the hackish implementation, as now I’m struggling with the wrong host name as the the application returns loadbalancer ip to the location response, and I should do the same trick to that as well. Convert the lb address on haproxy to point haproxy domain. As I want application to work both on LB and haproxy addresses.
This might need actions on the application side as you mentioned… A bit lost atm…
Your application has to support Forward-Headers if it shall work with layer 7 correctly. Otherwise you just could use layer 4 - but ssl-offloading won’t work that way.