We don’t wan’t that the backend application server supports SSL configuration, to manage the certificats only on the HAProxy.
The IIS won’t support SSL, it will just launch the request using HTTPS protocol, instead of HTTP. But this is done via the app.
So the only way should be the use of relativ URL’s in the IIS application side ? That means probably a huge code review…
Depending on the app, you might have a variable which dictates the protocol to use / that defines the full URL. Wordpress has the site_url and home_url variables that you can change from http://domain to https://domain and will force all requests to be launched via HTTPS.
No way to force IIS header Protocol responses translation from http to https if the HAProxy cannot intercept app response?
I can’t say, unfortunately, since I haven’t played with IIS, but I don’t think there’s such thing. Probably you can do it via an interpreter that would translate all http:// to https:// but that’s a weird workaround and, to be honest, I wouldn’t do that.
Still, you don’t want your responses to be translated to https. You want to send the client links using https.
The client requests index.html. Index.html needs the following image for background: background.png.
You’re basically sending the client the index.html file that requires HTTP://domain/background.png and the client’s browser launches a new request to get that resource. Well, you need to change that HTTP to HTTPS.
The easiest way would be to change the variable dictating the protocol or, if that’s unavailable, code review and change http to https. That can be done via sed on Linux. I’ve used it in the past with success to change custom made apps that used to have links hardcoded.
sed -i "s/http:\/\/domain/https:\/\/domain/g" /var/www/domain/*
Where /var/www/domain is the webroot. The weird
"\/" is needed to escape the “/” character.
The sed command above will go through all the files in the webroot (/var/www/domain/*), find occurrences of http://domain and replace inline with https://domain