So, every site as far as I can tell keeps port 80 open for some odd reason.
StackPath does 151.139.128.11:80 and 151.139.128.11:443.
Port 80 sends about 500 bytes of headers for a response, and 443 is actually not sending back any response (0 bytes).
Limelight: 68.142.68.1:80 and 68.142.68.1:443.
Both send responses: 443 sends the nginx response, 80 sends just a header response.
Why keep port 80 open if you’re gonna serve https traffic?
I might have just found the answer as I was writing this: is it because by default browsers go to HTTP and not HTTPS, so it needs to use port 80 to redirect to port 443? Like if I type google.com, it’s gonna go to www.google.com then make it HTTPS.
Is there really a benefit of doing so besides people being able to type the domain in the browser? It actually seems like there is, so then what’s the most efficient way of doing this? Can it be done with HAProxy?
This brings me to my next question:
How can I efficiently send back 0 bytes of response with HAProxy when someone requests the IP with port 80 or 443 of the HAProxy server while using ACLs with more than 1 domain? I’m trying to make HAProxy use the least amount of CPU possible while preventing mass spam against the web protocol. HTTP silent drop is great, but I think there’s another one that would probably be a better use case while being slightly less efficient, or more efficient.
Finally, if you have time, can someone give me an example config that uses HAProxy cache? I looked at the blog post and around the web and couldn’t find a way to get it to work. Seems like a way better solution than using Varnish if the site has little content.
Thank you so much! If it helps, I’m essentially trying to mimic a commercial CDN service, but run it locally so I don’t have to pay high fees, have lower latency and full control over how I want things to work.
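
One way to combine the three things asked about above in a single HAProxy configuration, as an added example that is not part of the original post: port 80 kept open only to redirect, requests for the bare IP or an unserved Host dropped with no response, and the built-in cache in front of a small origin. The domain names, certificate directory, origin address and the cache name `small_site` are placeholder assumptions.

```haproxy
global
    maxconn 20000

defaults
    mode http
    timeout connect      5s
    timeout client       30s
    timeout server       30s
    timeout http-request 5s     # bound how long a client may take to send headers

# Built-in cache: only stores 200 responses that the origin marks as cacheable.
cache small_site
    total-max-size  64          # shared memory for the cache, in MB
    max-object-size 1048576     # largest cacheable object, in bytes
    max-age         60          # upper bound on object lifetime, in seconds

frontend fe_http
    bind :80
    # A request sent to the bare IP carries the IP (or nothing) in Host,
    # so it fails this ACL. Placeholder domains: replace with the served ones.
    acl known_host hdr(host),lower,field(1,:) -m str example.com www.example.com
    # Close without sending any bytes back to the client.
    http-request silent-drop unless known_host
    # Port 80 does nothing except send known hosts to HTTPS.
    http-request redirect scheme https code 301

frontend fe_https
    # strict-sni: the TLS handshake is refused when the SNI matches no
    # certificate in the directory, which covers connections to the bare IP.
    bind :443 ssl crt /etc/haproxy/certs/ strict-sni
    acl known_host hdr(host),lower,field(1,:) -m str example.com www.example.com
    http-request silent-drop unless known_host
    # HSTS: browsers that have seen this header skip port 80 on later visits.
    http-response set-header Strict-Transport-Security "max-age=31536000"
    default_backend be_origin

backend be_origin
    http-request  cache-use   small_site    # serve from cache on a hit
    http-response cache-store small_site    # store eligible origin responses
    server origin1 192.0.2.10:8080 check    # placeholder origin address
```

Validate the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading. If nothing is being cached, check that the origin returns 200 responses with a `Cache-Control` lifetime such as `max-age`.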