HAproxy issue after installing 2.3.5 (SOLVED)
-
Indeed haproxy cannot send a http redirect when operating in tcp mode.
The redirect that seems to happen anyway might be a cached hsts header (usually hard but possible to erase from the browser memory, take more then just deleting cookies though..)
Or also the 'webgui redirect' from pfSense System/Advanced/AdminAccess which will be listening on port 80. -
Thanks for the reply, as i changed the port to 81 so it wont listen but same concept because HTTP cannot be directed to HTTPS. Would there be any other way using the TCP mode on HAproxy? Rewriting the URL maybe?
The redirect that seems to happen anyway might be a cached hsts header (usually hard but possible to erase from the browser memory, take more then just deleting cookies though..)
what i did is on chrome crtl+shift+delete, deleted everything closed it and opened it and bam wont redirect. of Course on firefox did not delete anything and went perfect. The issue with that is when a user or client has never gone to the website there either going to error or it wont load unless they put https://
Thank you
-
For the redirect from http to https to work you must have something that listens on :80 and performs the redirect. This could be done with a frontend specifically made for this and without any backends. It could have a single action that performs the redirect.
-
Thanks for the quick reply,
So on HAproxy i added another frontend
But when i try to apply settings im getting this errorErrors found while starting haproxy [ALERT] 309/165522 (51624) : parsing [/var/etc/haproxy_test/haproxy.cfg:45] : error detected in frontend 'HTTP' while parsing 'http-request redirect' rule : redirection type expected ('prefix', 'location', or 'scheme'). [ALERT] 309/165522 (51624) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfgsee picture
Thank you
-
Must tell it what type of redirect to perform "scheme https" in your case..
 -
Thank you for the quick reply, that did the trick. for anyone else having this issue here is the screen shot for working SSL, the only tiny issue is the www, if someone puts www.mydomain.com it wont direct it to mydomain. i tried adding on rule prefix https but no luck, was reading the manual HAproxy but did not find any other rule that would apply for the www
Thank you again
-
The www prefix rule needs a bit more content in its action i think: "prefix https://mydomain.com"
-
Thanks for the reply, as for the prefix i tried
prefix https://mydomain.com
prefix https://www.mydomain.comI also changed ACL because realized that the web_acl www.mydomain.com wont work because all www on nginx gets redirect to mydomain.com
So instead redirect to mydomain.com but unfortunately did not work
Thank you
-
well.. www only gets redirected by nginx webserver if the traffic gets to it as far as ive see the 443 frontend doesnt check for www to pass to the right backend.?.
anyhow using the "prefix https://mydomain.com" should work to redirect http://www.domain.com to https://domain.com, browser caches of previous followed redirects aside..
-
Thanks for the reply, so after hours trail and error this is the config that worked to redirect the www to mydomain.com whats odd that every browser worked by putting the www.mydomain.com besides safari on the iphone but i guess who knows what safari does that wont let redirect, besides that internet explorer, chrome, firefox, puffin all worked well.
What i did is to create another acl web2 host start with www then below with the prefixprefix https://mydomain.comwhich points to web2
Thank you again for all the help hope this helps others see picture
