HAProxy community

SSL loop issues

#1

HAproxy Version 1.9.3 on CENTOS 7

I am new to HAProxy and I have one issue that I can not resolve. I am trying to put a HAProxy server in front of a Microsoft IIS server that is hosting a website

On the front end I am terminating SSL and I want to proxy everything back to the backend on port 80.

My basic configuration below essentially works redirecting everything on 443 to the backend server on port 80. The issue I am having is that there is one part of the website that redirects to itself through HTTPS. this seems to cause a SSL loop and I get in my test machine browser ERR_TOO_MANY_REDIRECTS

I have tested going to the backend on 443 and everything works perfectly but the requirements i have do ask for 80

frontend sandbox-WWW-frondend
bind 10.1.99.152:80
bind 10.1.99.152:443 ssl crt /etc/haproxy/certs/sandboxwwwkey.pem
mode TCP
default_backend sandbox-WWW-backend
log global

backend sandbox-WWW-backend
balance leastconn
redirect scheme https if !{ ssl_fc }
server sandbox3 10.1.99.16:80
log global

0 Likes

#2

Either configure the application to not redirect, always consider that HTTPS is actually used, or send a X-Forwarded-Proto header and have your application consider it.

A plaintext request never hits your backend, as you configured haproxy to redirect everything to HTTPS, so you can just unconditionally set X-Forwaded-Proto to https:

reqadd X-Forwarded-Proto:\ https

However, your application has to consider it.

0 Likes