Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy SSL Offloading is not encrypting

    Cache/Proxy
    2
    5
    875
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xuti
      last edited by

      Hi team,

      I've a pfsense 2.3.3 with HAProxy, I've a working set of websites published and now I've configured a SSL offloading in one of them (Wordpress). I've followed this manual:

      https://www.thawes.com/2018/01/configuring-pfsense-haproxy-http-https/

      And all seems to be ok in the configuration, but if I access to the website from the WAN, I got an alert in Chrome, IE or Edge saying that the connection is not completely safe. The Cert appears as OK, expiration date, certification path, etc. But website does not work properly, as the web browser lock most of the scripts of the page as it is considered not secure.

      I've not configured any extra option out of the guide I used. Do you know if I must do anything else? I've checked the logs and no error appears:

      °Jun 4 17:38:13 php-fpm 50548 haproxy: started new pid:4399
      Jun 4 17:38:13 php-fpm 50548 haproxy: reload old pid:98822
      Jun 4 17:38:12 check_reload_status Syncing firewall
      Jun 4 17:38:00 php-fpm 50548 haproxy: started new pid:98822
      Jun 4 17:38:00 php-fpm 50548 haproxy: reload old pid:31706
      Jun 4 17:37:59 check_reload_status Syncing firewall
      Jun 4 17:36:32 php-fpm 50548 haproxy: started new pid:31706
      Jun 4 17:36:32 php-fpm 50548 haproxy: reload old pid:50213
      Jun 4 17:36:28 check_reload_status Syncing firewall
      Jun 4 17:32:40 php-fpm 40867 haproxy: started new pid:50213
      Jun 4 17:32:39 php-fpm 40867 haproxy: reload old pid:88024
      Jun 4 17:19:20 php-fpm 40867 haproxy: started new pid:88024
      Jun 4 17:19:20 php-fpm 40867 haproxy: reload old pid:27328

      Is anything else to be configured? Do you have any step-by-step guide to follow, just to ensure I made all necessary configs?

      Thanks

      P 1 Reply Last reply Reply Quote 0
      • P
        PiBa @xuti
        last edited by

        @xuti
        Have you configured wordpress to 'expect' offloaded traffic and generate the proper urls? https://www.oxcrag.net/2017/04/30/wordpress-behind-haproxy-with-tls-termination/

        1 Reply Last reply Reply Quote 1
        • X
          xuti
          last edited by

          WOW! Your are the one! Thanks PiBa, adding

          if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){

    $_SERVER['HTTPS'] = 'on';
    $_SERVER['SERVER_PORT'] = 443;
}

          To the wp-config.php does the trick.

          I'll do some more tests because I've lots of plugins and want to ensure all is ok.

          Thanks!

          1 Reply Last reply Reply Quote 0
          • X
            xuti
            last edited by

            This post is deleted!
            1 Reply Last reply Reply Quote 0
            • X
              xuti
              last edited by

              I've noticed that all images are pointing to http, so I got a mixed content error. Changing it fixed the error.

              Thanks

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.