HaProxy with Offloading - unable to login to web site
-
Implemented Haproxy with SSL offloading with the backend web site being http. The web site works properly (wordpress) until I try to login. The login screen reverts to a redirect which does not work. Is there a way to fix this?
https://www.abc.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.abc.com%2Fwp-admin%2F&reauth=1
Thanks
cjb
-
You can try this
https://trick77.com/prevent-ssl-redirect-loop-using-wordpress-and-haproxy/If that doesn't work try this: (dislaimer…not sure where I got this from, so use at your own risk, not that it's doing anything malicious)
/** wp-config.php */ /** FIX FOR HTTPS BEHIND A SSL OFFLOADING LOAD BALANCE */ $found = false; foreach (getallheaders() as $name => $value) { //echo "$name: $value "; if ($name == 'X-Forwarded-Proto') { if ($value == 'https') { $_SERVER['HTTPS'] = 'on'; } else { header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], true, 301); die(); } $found = true; break; } } if ($found === false) { $oops=http_response_code(404); } -
Where do I enter (screen in pfsense haproxy) the code
reqadd X-Forwarded-Proto:\ https
I am not seeing how or where I specify this setting, I'm using PFsense 2.4.1 and Haproxy 0.52_14
Thanks
cjb
-
I dont have the the 2.4.x version on my pfSense boxes that use ha_proxy, but….
I would venture a guess that on your front end, in Advanced pass-thru box - under Advanced settings.Your GUI may be a bit different. You'll need to see what's available to you.
-
The 'Use "forwardfor" option' in the frontend might help?
Otherwise use a 'action' to perform a "http-request header set" with name: X-Forwarded-Proto and fmt: https