Hi
I’m trying to do a very simple HTTP to HTTPS redirect. I’ve been able to do this with Traefik, so I know what I am trying is possible, but I cannot get HAProxy to do it.
I want to accept connections on port 8443, using SSL with a self-signed cert, and forward to a backend on port 8000. This works if I use https://localhost:8443.
I have attempted to set up the redirects in several different ways to redirect http://localhost:8443 to https. This never works.
HAProxy 2.9.6 running in Docker.
Here is my config:
# haproxy.cfg
global
    log stderr format raw local0

defaults
    log global
    option httplog
    mode http
    timeout client 10s
    timeout connect 5s
    timeout server 10s
    timeout http-request 10s

frontend http
    mode http
    bind :8443 ssl crt /certs/server.pem
    http-request redirect scheme https code 301 if !{ ssl_fc }
    # http-request redirect scheme https if !{ ssl_fc }
    use_backend myservers

backend myservers
    mode http
    server server1 host.docker.internal:8000
I have searched high and low, and tried multiple different constructions of the http-request redirect. I’m using curl for testing: curl -vvk http://localhost:8443
HAProxy logs an SSL error:
haproxy | 172.21.0.1:52172 [06/Mar/2024:18:20:13.511] http/1: SSL handshake failure (error:0A00009C:SSL routines::http request)
And the curl response is:
* Trying 127.0.0.1:8443...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
> GET / HTTP/1.1
> Host: localhost:8443
> User-Agent: curl/7.68.0
> Accept: */*
>
* Empty reply from server
* Connection #0 to host localhost left intact
curl: (52) Empty reply from server
I have spent hours trying to figure this out, and it just doesn’t work. My other server using Traefik does this with no problems, so I know that a basic http to https redirect should work in theory.
What am I missing here? It doesn’t seem like it should be this difficult, but I’m 4 hours in and can’t get this to work.
Frankly, I find Traefik to be very fussy and difficult to configure, and I don’t really need the dynamic configuration so much that it is worth dealing with it. It was looking like HAProxy might be easier overall to deal with, but now I’m not so sure. Traefik may be fussy, but it can do an http to https redirect.
I cannot imagine this is an actual bug. But how do you actually get this to work?
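
Added example, not part of the original post and not HAProxy code: the log line above reports a failure in the TLS handshake, which a `bind ... ssl` listener runs before any `http-request` rule, and curl's first bytes were `GET / HTTP/1.1` rather than a TLS ClientHello. The Python sketch below shows the first-bytes check a single port would need in order to serve both protocols, and the redirect it would send to a plaintext client; the sample bytes, `ALLOWED_HOSTS` and all function names are constructed for illustration.

```python
from typing import Optional

# Constructed samples: the plaintext request curl sent in the post, and a TLS
# record header (type 0x16, version 3.1, length) plus handshake type 0x01.
CURL_REQUEST = (b"GET / HTTP/1.1\r\nHost: localhost:8443\r\n"
                b"User-Agent: curl/7.68.0\r\nAccept: */*\r\n\r\n")
TLS_HELLO_PREFIX = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01])

HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"DELETE ", b"OPTIONS ")
ALLOWED_HOSTS = {"localhost:8443"}  # assumption: hosts this listener serves
BAD_REQUEST = b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n"


def classify(first_bytes: bytes) -> str:
    """Return 'tls', 'http' or 'unknown' from the first bytes on a connection."""
    if (len(first_bytes) >= 6 and first_bytes[0] == 0x16
            and first_bytes[1] == 0x03 and first_bytes[5] == 0x01):
        return "tls"  # handshake record carrying a ClientHello
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def redirect_response(request: bytes) -> bytes:
    """Build a 301 to https on the same host, port and path, or a 400."""
    lines = request.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "")
    # Only redirect to hosts we serve, so the Host header cannot steer the
    # Location anywhere else, and only for origin-form targets ("/path").
    if len(parts) != 3 or not parts[1].startswith("/") or host not in ALLOWED_HOSTS:
        return BAD_REQUEST
    return (f"HTTP/1.1 301 Moved Permanently\r\nLocation: https://{host}{parts[1]}\r\n"
            "Content-Length: 0\r\nConnection: close\r\n\r\n").encode("iso-8859-1")


def handle(first_bytes: bytes) -> Optional[bytes]:
    """None: pass the socket to the TLS stack. Bytes: plaintext reply to send."""
    kind = classify(first_bytes)
    if kind == "tls":
        return None
    if kind == "http":
        return redirect_response(first_bytes)
    return b""  # neither protocol: close without a reply
```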