HAProxy community

Http to https on same frontend port

Hi all,

I’m trying to set up HAproxy to send all http request to https follow the same link and port. For example:

http://exmple.local:9443 —> https://exmple.local:9443

Here is my configuration:

frontend example
bind *:9443 ssl crt /etc/haproxy/example.pem

Example app

acl is_example path -i -m beg /example
use_backend example_backend if is_example

backend example_backend
mode http
balance roundrobin
server example01 host:9443 check ssl verify none
server example02 host:9443 check ssl verify none
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }

In addiion, i have tried:

redirect scheme https code 301 if !{ ssl_fc }
http-request add-header X-Forwarded-Proto https

HAproxy version HA-Proxy version 2.1.4.
OS: Suse Ent. 15 SP1

Please, suggest configuration.

BR.

This will not work, don’t do it.

Well, i don’t think i have a choice. Let me explain my situation:

We have IBM Websphere application servers in the backend, listening on 9080 (http) and 9443 (https). I tried to use 443 in frontend and 9080 in backend and when I open the app on http://example.com\exampleapp i get https://example.com:9080\exampleapp and the app is not working. I can’t find what is the problem for this behavior and how to get past it (i think is the application problem, but I’m not sure).

BR.

Your assumption that putting everything in one port will solve those issues are wrong.

If the backend redirects, you either try to configure haproxy the same, or configure your backend so it does the proper redirects with correct URLs.

Assuming the host port is not wrong also, to do the former you’d listen on port 9080 and forward to 9080 in HTTP, and 9443 to 9443 for HTTPS.