I have set up a HAProxy lb in front of my services.
According to the HAProxy documentation, in order to achieve 80 --> 443 redirect, the following line should be added to the Custom haproxy.cfg tab when configuring the service:
redirect scheme https code 301 if !{ ssl_fc }
This does not seem to work since when I am accessing my site on http:// it stays on 80.
Any suggestions?
Using:
"CATTLE_RANCHER_SERVER_VERSION=v1.6.14"
rancher/lb-service-haproxy:v0.7.15
The way that I resolved this is the following:
Add a new selector rule listening on port 80 with the HTTP protocol, and put anything you want in the target (foo=bar, for example).
Add this in the Custom haproxy.cfg tab:
    frontend http-redirect
        bind *:80
        mode http
        redirect scheme https code 302 if !{ ssl_fc }
Related
I need to deploy different apps on the same domain, thus I've set up the backend to rewrite URL with reqrep ^([^\ ]*\ /)appA[/]?(.*) \1\2. It works when I only deploy the HTTP or HTTPS version of the app.
However, if I try to redirect all HTTP traffic to HTTPS, it doesn't work. The problem is that HAProxy has already rewritten the URL and stripped out the /appA part before the redirection. Thus if I try to visit http://myserver.com/appA, the page https://myserver.com will eventually be requested instead of https://myserver.com/appA.
I can't put the redirect rule before the reqrep rule as it seems that HAProxy must process all the rewrites before the redirects.
What can I do to make my configuration work as I intended? This should be obvious but I can't seem to find a relevant answer online.
My configuration:
    frontend http_front
        bind *:80
        reqadd X-Forwarded-Proto:\ http
        acl appA_url url_beg /appA
        use_backend appA if appA_url

    frontend https_front
        bind *:443 ssl crt /etc/haproxy/certs/myserver.com.pem
        reqadd X-Forwarded-Proto:\ https
        acl appA_url url_beg /appA
        use_backend appA if appA_url

    backend appA
        reqrep ^([^\ ]*\ /)appA[/]?(.*) \1\2
        redirect scheme https if !{ ssl_fc }
        balance roundrobin
        server web1 127.0.0.1:5001 check
Use http-request directives, which are processed in declaration order. They are also newer features, and usually cleaner, more intuitive, more flexible, and more internally efficient than reqxxx.
http-request redirect scheme https if ! { ssl_fc }
http-request set-path %[path,regsub(^/appA/,/)]
See http-request. Requires 1.6 or later, where the regsub() converter is available.
My Apache servers are behind an ALB/ELB. I'm terminating SSL at the load balancer. The load balancer listens on both 80 and 443. I want to redirect all http requests to https.
I have this rewrite rule in place in the vhost config:
    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} =http
    RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
This works, but the issue is that I also have redirects in an htaccess file. When a redirect happens through the htaccess file, it redirects to http first and then the vhost config redirect picks it up and redirects to https. I want to eliminate the extra http redirect.
http://mysite.example.com/sub
301
https://mysite.example.com/sub
301
http://mysite.example.com/newsub - this redirect is htaccess
301
https://mysite.example.com/newsub
200
I'd like to gracefully get around having the htaccess redirect to http first. I can get around this by adding https://%{HTTP:Host} to rewrite rules. Is this the best way to do this:
RewriteRule ^sub$ https://%{HTTP:Host}/newsub [R=301,L]
Application Load Balancer now supports two new actions: redirect and fixed-response. You can configure these actions as part of the content-based routing rules, enabling you to offload this functionality to the load balancer. This simplifies deployments while benefiting from the scale, the availability, and the reliability of Elastic Load Balancing.
Here's what I did to make it work on AWS:
Example configuration for ALB redirection - HTTP -> HTTPS
https://aws.amazon.com/about-aws/whats-new/2018/07/elastic-load-balancing-announces-support-for-redirects-and-fixed-responses-for-application-load-balancer/
If your web servers are running behind an AWS Application Load Balancer and you configured at least one listener for HTTP port 80, you can redirect http to https directly by doing this:
1. Go to the EC2 Console, then Load Balancing and Load Balancers from the left menu.
2. Click on your ALB name checkbox, then select the Listeners tab. If you created two listeners for HTTP and HTTPS, go to step 4.
3. If you did not set an HTTPS listener when the load balancer was first created, click on Add Listener. Choose HTTPS and Port (443 usually). In Default action(s) select the Forward to... option and then your Target Group for your load balancer. A Weight of 1 is OK. Choose the appropriate Security policy and then add your Default SSL certificate for your case (you must have an SSL certificate registered in AWS Certificate Manager or AWS IAM). Then click on Save. Test your settings by going to https://load-balancer-dns-name or https://your-server-dns-name
4. To configure HTTP redirection, select the HTTP:80 checkbox and click on the Edit button. In Default action(s) click the trash icon to remove the current Forward to setting. Then click on Add action and select the Redirect to option. Common values for this section are HTTPS, 443 port, Original host, path, query and 301 - Permanently moved. Finally, click on the Update button at the top right of the page.
5. Now test by going to http://load-balancer-dns-name or http://your-server-dns-name and you will be redirected to HTTPS.
Hope it helps!
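A check for the two redirect problems described in the questions above (the Apache chain that drops back to http:// for one hop, and the HAProxy redirect that loses /appA), as an added example that is not part of any of the original posts. The function names are hypothetical, and the status codes in HAPROXY_CHAIN and FIXED_CHAIN are constructed; fetch_chain() needs network access, audit_chain() does not.

```python
# Added example: audit an HTTP -> HTTPS redirect chain for the two problems
# described above. Hosts and paths come from the posts; the status codes in
# HAPROXY_CHAIN and FIXED_CHAIN are constructed.
import http.client
from urllib.parse import urljoin, urlsplit

APACHE_CHAIN = [("http://mysite.example.com/sub", 301),
                ("https://mysite.example.com/sub", 301),
                ("http://mysite.example.com/newsub", 301),
                ("https://mysite.example.com/newsub", 200)]
HAPROXY_CHAIN = [("http://myserver.com/appA", 302),
                 ("https://myserver.com/", 200)]
FIXED_CHAIN = [("http://mysite.example.com/sub", 301),
               ("https://mysite.example.com/sub", 301),
               ("https://mysite.example.com/newsub", 200)]


def fetch_chain(url, max_hops=10):
    """Follow redirects by hand and return [(url, status), ...]."""
    chain = []
    for _ in range(max_hops):
        u = urlsplit(url)
        cls = (http.client.HTTPSConnection if u.scheme == "https"
               else http.client.HTTPConnection)
        conn = cls(u.netloc, timeout=10)
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        location = resp.getheader("Location")
        chain.append((url, resp.status))
        conn.close()
        if resp.status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)
    return chain


def audit_chain(chain):
    """Flag https -> http hops and scheme upgrades that change path or query."""
    findings = []
    for (src, _), (dst, _) in zip(chain, chain[1:]):
        s, d = urlsplit(src), urlsplit(dst)
        if s.scheme == "https" and d.scheme == "http":
            findings.append(f"downgrade: {src} -> {dst}")
        if (s.scheme, d.scheme) == ("http", "https") and s.netloc == d.netloc:
            if (s.path or "/", s.query) != (d.path or "/", d.query):
                findings.append(f"path lost on upgrade: {src} -> {dst}")
    return findings
```

Running audit_chain(fetch_chain("http://your-server-dns-name/some/path")) after a configuration change shows whether any hop still travels in plaintext after the first upgrade.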
I have a web application running on Apache/Tomcat on a cloud with Linux (Digital Ocean). It had a domain name - example.com. I've encrypted both example.com and www.example.com using Let's Encrypt and now requests to https://example.com and to https://www.example.com work.
Then I wanted to redirect HTTP requests to HTTPS. But noticed that for some reason requests to http://example.com and to http://www.example.com do not work, and I'm not getting any response from my server. I tried to play with Apache configuration files of VirtualHost, but nothing worked for me so far.
Using tcpdump I see that I am receiving requests on port 80 on the server, but nothing happens except that.
What might be the reason for requests to HTTPS to work while requests to HTTP not to work?
Thanks.
Well, if someone else encounters this behavior - the reason for it was the firewall - port 443 (used by HTTPS) was open but port 80 (used for HTTP) was simply closed. Opening it solved it.
I am using dedicated servers to host 4 domains and 3 subdomains on Centos & WHM. Recently planned to use HAProxy for load balancing between them.
What I am trying to achieve is to redirect all the traffic of one particular domain to https using HAProxy configuration on frontend because I am terminating the SSL of that one particular domain at HAProxy.
Here's what I have used:
    frontend www-https
        bind haproxy_www_public_IP:443 ssl crt /etc/ssl/private/example.com.pem
        reqadd X-Forwarded-Proto:\ https
        default_backend www-backend

    backend www-backend
        redirect scheme https if !{ ssl_fc }
        server www-1 www_1_private_IP:80 check
        server www-2 www_2_private_IP:80 check
I have googled for a solution, but most of the solutions available say to redirect all the traffic to https or http.
If I understand correctly, you want one domain (in the configuration below it is httpsonlydomain.com) to only be accessible by https, with all http requests to that domain forwarded on to https. The other domains can work by either http or https with no forwarding. Finally, I have assumed that all four domains (including httpsonlydomain.com) will use the www-backend backend.
If that is the case then this should do the trick:
    frontend www-http
        bind haproxy_www_public_IP:80
        acl https_domain hdr(host) -i httpsonlydomain.com
        redirect scheme https if !{ ssl_fc } https_domain
        default_backend www-backend

    frontend www-https
        bind haproxy_www_public_IP:443 ssl crt /etc/ssl/private/example.com.pem
        default_backend www-backend

    backend www-backend
        server www-1 www_1_private_IP:80 check
        server www-2 www_2_private_IP:80 check
Hope that helps.
Currently I want to deploy my Pyramid application on a server. Therefore I'm using NGINX in front of WSGI. There is no problem configuring SSL in NGINX, but for WSGI there is.
Because I have port-forwarding from 80 to 443, the user receives an:
Mixed Content: The page at 'https://example.com' was loaded over HTTPS, but requested an insecure stylesheet 'http://example.com/static/css/bootstrap-3.3.5.min.css'. This request has been blocked; the content must be served over HTTPS.
How can I enable SSL for WSGI?
Thx
Thanks to "I can not connect to https waitress wsgi server" I found the solution. Just add "url_scheme = https" to your production.ini / development.ini.
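Why the stylesheet URL came out as http:// and what changing the scheme does, as an added example that is not part of the original answer. It goes beyond the fixed url_scheme setting: a hypothetical WSGI middleware (ForwardedProtoMiddleware) takes the scheme from the X-Forwarded-Proto header, but only when the request comes from the proxy's address, assumed here to be 127.0.0.1; the toy app, addresses and port are constructed.

```python
# Added example (hypothetical names): derive wsgi.url_scheme from
# X-Forwarded-Proto, but only for requests arriving from the trusted proxy.
from wsgiref.util import request_uri

TRUSTED_PROXIES = {"127.0.0.1"}  # assumption: NGINX runs on the same host


class ForwardedProtoMiddleware:
    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app = app
        self.trusted = set(trusted)

    def __call__(self, environ, start_response):
        proto = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
        # A client that reaches the WSGI server directly can send any header,
        # so the header is honoured only for the proxy's own address.
        if environ.get("REMOTE_ADDR") in self.trusted and proto in ("http", "https"):
            environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def static_url_app(environ, start_response):
    """Toy app: returns the absolute URL it would generate for a stylesheet."""
    environ = dict(environ, PATH_INFO="/static/css/bootstrap-3.3.5.min.css")
    body = request_uri(environ, include_query=False).encode()
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body]


def generated_url(remote_addr, forwarded_proto=None):
    """Run one constructed request through the middleware and return the URL."""
    environ = {"REQUEST_METHOD": "GET", "SCRIPT_NAME": "", "PATH_INFO": "/",
               "SERVER_NAME": "example.com", "SERVER_PORT": "8080",
               "HTTP_HOST": "example.com", "REMOTE_ADDR": remote_addr,
               "wsgi.url_scheme": "http"}  # the backend itself speaks plain HTTP
    if forwarded_proto:
        environ["HTTP_X_FORWARDED_PROTO"] = forwarded_proto
    app = ForwardedProtoMiddleware(static_url_app)
    return b"".join(app(environ, lambda status, headers: None)).decode()
```

The proxy has to set X-Forwarded-Proto itself on every request it forwards; otherwise a value supplied by the client would pass through unchanged.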