Enforce HTTPS on non standard HTTP port
-
I have been setting up my first pfSense installation for the last days and so far it has been a great experience!
At the moment I am trying to setup HAProxy for my subdomains and Plex.
What I wanna do with the latter is an auto redirect of HTTP to HTTPS is the request has been made with HTTP, likehttp://superduper.domain:32400/web -> https://superduper.domain:32400/web
I have read a lot of redirecting standard port 80 to 443, which seems easier because there are not both possibilities on the same port.
The only thing I came across has been adding "redirect scheme https code 301 if !{ ssl_fc }" to the advanced pass through options which is not working for me:
[WARNING] 349/175323 (46595) : parsing [/var/etc/haproxy/haproxy.cfg:80] : a 'http-request' rule placed after a 'redirect' rule will still be processed before.Anyone can help me with that? Thanks!
-
@umme did you understand that what you trying to do is impossible? You can't bind multiple protocols on same port and IP. http & https is not same protocol, that's why all http is placed on one port and https on another.
You can redirect from any http:port you want to any another https:port, but not same:
http://superduper.domain:80/web > https://superduper.domain:32400/web -
I would do it with a webpage..
https://css-tricks.com/redirect-web-page/
Triggering snowflakes one by one..
-
@chpalmer guy asking for Haproxy redirect o_O, your suggestion is not related to haproxy at all. If you would like to paste link to documentation why not put https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-redirect ? And main problem guy is describing is in that he doesn't understand how web ports working.
Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running mutiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
Unifi AP-AC-LR with EAP RADIUS, US-24 -
@dragoangel said in Enforce HTTPS on non standard HTTP port:
@chpalmer guy asking for Haproxy redirect
their statement..
What I wanna do with the latter is an auto redirect of HTTP to HTTPS..
This seems to be the base of the OP's question. They can come by to correct me but I would still avoid doing anything other than what I earlier stated if it was my chore. You said you believed it is impossible. Im stating a way to achieve their goal.
:)
Triggering snowflakes one by one..
-
@chpalmer I not like to be rude, but plz open your eyes. Or begin to write checked and working suggestions. Where the ... you see that I said redirect is impossible? I said that you can't host HAproxy http & https on same IP:port at once and because of that, this is core issue of misconfiguration. About what next configuration can we speak if even IP:port binding is incorrect? T__T
And second part is that you point to some post that not related to haproxy manuals. What of this is unclear for you?Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running mutiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
Unifi AP-AC-LR with EAP RADIUS, US-24 -
question to author: why you not use default http 80 & https 443 ports? What purpose you try to achieve by this?
Better free up 80 and 443 from pgsense to haproxy and use haproxy to route for you. Disable https autoredirect of webconfigurator from port 80 and change webconfigurator https port to 8443 for example. Haproxy is powerful enough to terminate any unwanted connection, I even prefer it over simple NAT in many usecases in tcp mode. This gives more power over SNI, and logging -
@dragoangel said in Enforce HTTPS on non standard HTTP port:
@chpalmer I not like to be rude,
Then don't be. Theres no sense in that. Its just a conversation and a way to learn. No reason to get heated.
Yep- I was not wearing my glasses and missed that he is trying to use the same port. You said "impossible" and I agree.
