HaProxy with Offloading - unable to login to web site



  • Implemented Haproxy with SSL offloading with the backend web site being http. The web site works properly (wordpress) until I try to login.  The login screen reverts to a redirect which does not work.  Is there a way to fix this?

    https://www.abc.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.abc.com%2Fwp-admin%2F&reauth=1

    Thanks

    cjb



  • You can try this
    https://trick77.com/prevent-ssl-redirect-loop-using-wordpress-and-haproxy/

    If that doesn't work try this: (dislaimer…not sure where I got this from, so use at your own risk, not that it's doing anything malicious)

    
    /** wp-config.php */
    /** FIX FOR HTTPS BEHIND A SSL OFFLOADING LOAD BALANCE */
    $found = false;
    foreach (getallheaders() as $name => $value) {
        //echo "$name: $value
    ";
        if ($name == 'X-Forwarded-Proto') {
            if ($value == 'https') {
              $_SERVER['HTTPS'] = 'on';
            } else {
                header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], true, 301);
                die();
            }
            $found = true;
            break;
        }
    }
    if ($found === false) {
      $oops=http_response_code(404);
    }
    


  • Where do I enter (screen in pfsense haproxy) the code

    reqadd X-Forwarded-Proto:\ https

    I am not seeing how or where I specify this setting, I'm using PFsense 2.4.1 and Haproxy 0.52_14

    Thanks

    cjb



  • I dont have the the 2.4.x version on my pfSense boxes that use ha_proxy, but….
    I would venture a guess that on your front end, in Advanced pass-thru box - under Advanced settings.

    Your GUI may be a bit different.  You'll need to see what's available to you.



  • The 'Use "forwardfor" option' in the frontend might help?

    Otherwise use a 'action' to perform a "http-request header set" with name: X-Forwarded-Proto and fmt: https


Log in to reply