Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Haproxy 1.4 content isn't secure

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 3 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MirrorX
      last edited by

      dear all,

      i have installed haproxy 1.4 in front of 2 web servers for load balancing. In order to do that and since i use ssl, i have configured apache to accept the requests on port 443 and redirect them to another port (8080) where the haproxy is waiting. then haproxy redirects the connection to the app servers. this setup seems to work but when i open the web page of the load balancer there is a working about 'mixed content', and that there is unsecure http content transferred along with https and only when i click on 'disable protection on this page' i am able to see the full content.

      here is my config ->
      –-
      apache->
      <virtualhost *:443="">SSLEngine on
      SSLProxyEngine on
      RewriteEngine On
      SSLCertificateFile /home/hap/certif.cer
      SSLCertificateKeyFile /home/hap/certif.key
      SSLCertificateChainFile /home/hap/certif.crt
      ProxyPass / http://192.168.100.142:8080/
      ProxyPassReverse / http://192.168.100.142:8080/
      <proxy http:="" 127.0.0.1:8080="" *="">Allow from all</proxy></virtualhost>

      haproxy->
      global
      maxconn 4096
      user haproxy
      group haproxy
      daemon
      spread-checks 5 # 5%

      uncomment this to get debug output

      debug

      defaults
      log global
      mode http

      option httplog

      option dontlognull
      retries 3
      option redispatch
      maxconn 2000
      contimeout 5000
      clitimeout 50000
      srvtimeout 50000

      frontend web
      bind *:8080
      mode http
      default_backend app1

      backend app1
      mode http
      option httpclose
      balance roundrobin
      cookie SRVID insert indirect nocache
      option nolinger
      option httpchk GET / HTTP/1.0\r\nUser-Agent:\ HAProxy

      server app1_1 192.168.100.131:80 cookie app1_1 check inter 10s rise 2 fall 2
      server app1_2 192.168.100.132:80 cookie app1_2 check inter 10s rise 2 fall 2

      could anyone provide any input on why this is happening and how it could be resolved?

      thank you in advance

      1 Reply Last reply Reply Quote 0
      • J
        jasonlitka
        last edited by

        Are there img, link, or script tags on your content which contain "http://"?  If so, that's the issue.

        I can break anything.

        1 Reply Last reply Reply Quote 0
        • P
          PiBa
          last edited by

          Indeed like Jason writes its likely the page contains contents that it tries to read contents from http://something..  you might also want to give haproxy-devel a try as it natively supports ssl. And also as a possible workaround if the webserver url generation cannot be changed can have the backend connection created over ssl to the webservers.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.