Http to https jumps to another server using https passthrough


#1

Hi,

I have an issue with our haproxy setup, cookie persistence works for http but when the site switches to https the user hits another server. We are using https passthrough as we have certificates installed on the servers and dont want encrypted traffic on our network.
Config is below:

frontend http-in
mode http
bind 192.168.1.159:80
reqadd X-Forwarded-Proto:\ http
default_backend http

frontend https-in
mode tcp
option tcplog
bind 192.168.1.159:443
capture cookie ASP.NET_SessionId len 32
default_backend https
#---------------------------------------------------------------------

static backend for serving up images, stylesheets and such

#---------------------------------------------------------------------
#backend static

balance roundrobin

server static 127.0.0.1:4331 check

#---------------------------------------------------------------------

Least connections balancing between the various backends

#--------------------------------------------------------------------
backend http
balance leastconn
option forwardfor
stick-table type ip size 20k expire 30m
cookie SITEID insert indirect nocache
server server1 x.x.x.x:80 weight 25 cookie server1 check
server server2 x.x.x.x:80 weight 25 cookie server2 check

backend https
mode tcp
option tcplog
stick-table type ip size 200k expire 30m
stick on src
server server1 x.x.x.x:443 check
server server2 x.x.x.x:443 check


#2

Well you can’t have cookie persistence if you don’t allow haproxy to see plaintext traffic.

Either terminate TLS on the haproxy layer or remove cookie persistence completely and stick to source-IP stickiness.