SSL redirection

Help!
1

I want to redirect the request from http to https with out placing certificates in haproxy config file.

2

Unless you want to contribute a configuration sample, do not use that Category, instead use the help section.

To redirect from HTTP to HTTPS you don’t need a certificate.

Just:

frontend plainhttp
 bind :80
 http-request redirect scheme https

But I guess actually need something else … so please elaborate what you are trying to do exactly if this does not answer your question.

3

The page is getting redirected but we are getting error (ERR_TOO_MANY_REDIRECTS)

below is the config file

frontend gateway
mode http
option httplog
bind :80
http-request redirect scheme https
acl acl_scg_gateway_api_path hdr(host) -i
acl acl_scg_frontend_api_path hdr(host) -i
acl acl_scg_api_path path -i -m beg /api /webhooks
acl acl_scg_frontapi_path path -i -m beg /
acl acl_scg_iot_path path -i -m beg /apidata
acl acl_scg_callback_path path -i -m beg /callback/initiate
http-request use-service lua.cors-response if METH_OPTIONS
use_backend callback_redirect if acl_scg_gateway_api_path acl_scg_callback_path
use_backend callback_frontredirect if acl_scg_frontend_api_path acl_scg_frontapi_path
use_backend iot-%[req.hdr(client_id)] if acl_scg_gateway_api_path acl_scg_iot_path
use_backend %[req.hdr(client_id)] if !acl_scg_iot_path !acl_scg_callback_path acl_scg_gateway_api_path

backend callback_frontredirect
mode http
balance roundrobin
server server1 :
server server2 :

backend callback_redirect
mode http
http-request use-service lua.callback_redirect
backend 1001
mode http
server server1 : check
backend iot-1001
mode http
server server1 : check

4

What’s all the rest of the configuration supposed to do? Please explain what you are trying to achieve in it’s entirety, otherwise nobody will be able to help for sure.

Whatever is listening on port 443 then doesn’t like your redirect (redirecting back to port 80 and causing infinite redirects).

5

Hi @lukastribus,

I am trying to filter the request from the URL and based on the URL I am trying to send the requests to specific backend/URL to serve the request so for this I created a config related to this which is shared above on the comment.
Now my domain is xyz.com suppose anyone will hit on http://xyz.com I want it to get redirected on https://xyz.com

6

Hi @lukastribus,

Kindly update.

7

Ok, but is haproxy listening to port 443 at all? Because otherwise this configuration makes no sense.

When you configure:

bind :80
 http-request redirect scheme https

Everything on port 80 will be redirect to https without chaging the URL. The rest of the configuration in that backend is irrelevant because haproxy will redirect everything to https in the first place.

8

@lukastribus can you please check my haproxy config where we are getting too many redirection error from the below configuration
(NOTE: we are able to do http to https redirection but we are facing too many redirection error)

##########

Global

##########
global
nbproc 1
nbthread 4
maxconn 2000
spread-checks 50
daemon
nbproc 4
cpu-map 1 0
log 127.0.0.1 local2
lua-load /etc/haproxy/lua/401.lua
lua-load /etc/haproxy/lua/cors.lua
lua-load /etc/haproxy/lua/callback_handler.lua
tune.chksize 1028
tune.maxrewrite 16384
tune.bufsize 32768
ssl-server-verify none
############

Defaults

############
defaults
log global
option log-separate-errors
maxconn 2000
timeout connect 60s
timeout queue 2s
timeout check 60s
timeout client 60s
timeout server 60s
timeout http-keep-alive 1s
timeout http-request 60s
mode http
retries 3
contimeout 60000
clitimeout 60000
srvtimeout 60000
balance static-rr
timeout tunnel 60s
option http-server-close
option forwardfor
option http-pretend-keepalive

#####################

Frontend: GATEWAY

#####################
frontend gateway
bind :80
bind :443
#bind :443 ssl crt /etc/ssl/test.pem
mode http
option httplog
option logasap
option httpclose
log global
redirect scheme https code 301 if !{ ssl_fc }
http-request redirect scheme https
acl acl_scg_gateway_api_path hdr(host) -i <domain1.com>
acl acl_scg_frontend_api_path hdr(host) -i <domain2.com>
acl acl_scg_api_path path_beg /api /webhooks
acl acl_scg_frontapi_path path_beg /
acl acl_scg_iot_path path_beg /apidata
acl acl_scg_callback_path path_beg /callback/initiate
http-request use-service lua.cors-response if METH_OPTIONS
use_backend callback_redirect if acl_scg_gateway_api_path acl_scg_callback_path
use_backend callback_frontredirect if acl_scg_frontend_api_path acl_scg_frontapi_path
use_backend iot-%[req.hdr(client_id)] if acl_scg_gateway_api_path acl_scg_iot_path
use_backend %[req.hdr(client_id)] if !acl_scg_iot_path !acl_scg_callback_path acl_scg_gateway_api_path

#############################

Backend: Middleware/Front

#############################

backend callback_frontredirect
mode http
balance roundrobin
server server1 <domain2.com>:443 check

backend callback_redirect
mode http
http-request use-service lua.callback_redirect
backend 1001
option httplog
option forwardfor
option abortonclose
log global
balance roundrobin
#server server1 <domain3.com>:80 check
server server1 <domain3.com>:443 check ssl

backend iot-1001
mode http
server server1 <domain4.com>:80 check

9

Hi @lukastribus,

Kindly update.