Netgate Discussion Forum

    Enforce HTTPS on non standard HTTP port

    Cache/Proxy
    8 Posts 3 Posters 585 Views
    • U
      umme
      last edited by

      I have been setting up my first pfSense installation for the last few days and so far it has been a great experience!
      At the moment I am trying to set up HAProxy for my subdomains and Plex.
      What I wanna do with the latter is an auto redirect of HTTP to HTTPS if the request has been made with HTTP, like

      http://superduper.domain:32400/web -> https://superduper.domain:32400/web

      I have read a lot about redirecting standard port 80 to 443, which seems easier because there are not both possibilities on the same port.

      The only thing I came across has been adding "redirect scheme https code 301 if !{ ssl_fc }" to the advanced pass through options which is not working for me:

      [WARNING] 349/175323 (46595) : parsing [/var/etc/haproxy/haproxy.cfg:80] : a 'http-request' rule placed after a 'redirect' rule will still be processed before. 
      

      Can anyone help me with that? Thanks!

      • dragoangelD
        dragoangel @umme
        last edited by dragoangel

        @umme do you understand that what you are trying to do is impossible? You can't bind multiple protocols on the same port and IP. HTTP and HTTPS are not the same protocol; that's why all HTTP is placed on one port and HTTPS on another.
        You can redirect from any http:port you want to any other https:port, but not the same one:
        http://superduper.domain:80/web > https://superduper.domain:32400/web

        Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
        Unifi AP-AC-LR with EAP RADIUS, US-24
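
The split described in the post above (plain HTTP on one port, redirecting to HTTPS on another), written out as an HAProxy configuration. This is an added example, not configuration posted in the thread; the frontend and backend names, the certificate path placeholder and the backend address are assumptions, and the backend is assumed to speak plain HTTP.

```haproxy
# Added example. Names, cert path and backend address are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Plain-HTTP listener on its own port. It serves no content: every
# request is answered with a 301 pointing at the TLS listener below.
frontend plex_http
    bind :80
    # 'redirect scheme https' alone would reuse the Host header as sent,
    # so a request to port 80 would be sent to https on 443. Rebuild the
    # URL instead: host without any port, then the HTTPS port, then the
    # original path and query string. (field(1,:) assumes a hostname or
    # IPv4 Host header, not a bracketed IPv6 literal.)
    http-request redirect location https://%[req.hdr(host),field(1,:)]:32400%[capture.req.uri] code 301

# TLS-only listener on the non-standard port.
frontend plex_https
    # This bind line has 'ssl', so a plaintext request fails the TLS
    # handshake before any HTTP rule is evaluated. A rule such as
    # 'redirect scheme https if !{ ssl_fc }' can never match here;
    # ssl_fc is only false on a bind line without 'ssl'.
    bind :32400 ssl crt /path/to/superduper.domain.pem
    default_backend plex_backend

backend plex_backend
    # 192.0.2.10 is a documentation address standing in for the Plex host.
    server plex 192.0.2.10:32400 check
```

Writing the redirect as an `http-request` rule keeps it in the same ordered rule list as any other `http-request` lines, which avoids the ordering warning quoted in the first post.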

        • chpalmerC
          chpalmer
          last edited by

          I would do it with a webpage..

          https://css-tricks.com/redirect-web-page/

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          • dragoangelD
            dragoangel @chpalmer
            last edited by dragoangel

            @chpalmer the guy is asking for an HAProxy redirect o_O; your suggestion is not related to HAProxy at all. If you would like to paste a link to documentation, why not put https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-redirect ? And the main problem the guy is describing is that he doesn't understand how web ports work.

            • chpalmerC
              chpalmer @dragoangel
              last edited by

              @dragoangel said in Enforce HTTPS on non standard HTTP port:

              @chpalmer guy asking for Haproxy redirect

              their statement..

              What I wanna do with the latter is an auto redirect of HTTP to HTTPS..

              This seems to be the base of the OP's question. They can come by to correct me, but I would still avoid doing anything other than what I earlier stated if it was my chore. You said you believed it is impossible. I'm stating a way to achieve their goal.

              :)

              • dragoangelD
                dragoangel @chpalmer
                last edited by dragoangel

                @chpalmer I don't like to be rude, but plz open your eyes. Or begin to write checked and working suggestions. Where the ... do you see that I said a redirect is impossible? I said that you can't host HAProxy HTTP & HTTPS on the same IP:port at once, and because of that, this is the core issue of the misconfiguration. What further configuration can we speak about if even the IP:port binding is incorrect? T__T
                And the second part is that you point to some post that is not related to the HAProxy manuals. What of this is unclear to you?

                • dragoangelD
                  dragoangel
                  last edited by dragoangel

                  Question to the author: why do you not use the default HTTP 80 & HTTPS 443 ports? What purpose are you trying to achieve by this?
                  Better to free up 80 and 443 from pfSense for HAProxy and use HAProxy to route for you. Disable the HTTPS auto-redirect of the webConfigurator from port 80 and change the webConfigurator HTTPS port to 8443, for example. HAProxy is powerful enough to terminate any unwanted connection; I even prefer it over simple NAT in many use cases in TCP mode. This gives more power over SNI and logging.

                  • chpalmerC
                    chpalmer @dragoangel
                    last edited by

                    @dragoangel said in Enforce HTTPS on non standard HTTP port:

                    @chpalmer I not like to be rude,

                    Then don't be. There's no sense in that. It's just a conversation and a way to learn. No reason to get heated.

                    Yep- I was not wearing my glasses and missed that he is trying to use the same port. You said "impossible" and I agree.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.