Hi, I’m trying to figure out if HA Proxy could be used in the way I want it to.
I have a simple REST API running on localhost:8080 and I want to use HA Proxy to add SSL support. I already have all the certificates in place and haproxy seems to run without problems. But every time I try to invoke my API over HTTPS I get a 109 error (Network unreachable) because I think it’s looking for my backend server running on port 443 but there’s no SSL there.
Here’s my config at the moment (I tried many different configurations):
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
stats uri /haproxy?stats
frontend http_front
mode http
bind *:80
bind *:443 ssl crt /etc/ssl/certs/server.bundle.pem
default_backend http_back
backend http_back
mode http
option forwardfor
redirect scheme https if !{ ssl_fc }
server my-api 127.0.0.1:8080 check ssl verify none
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
Any help will be much appreciated!
Cheers,
Gabriel.