Haproxy 1.4 content isn't secure
-
Dear all,
I have installed haproxy 1.4 in front of 2 web servers for load balancing. In order to do that, and since I use SSL, I have configured Apache to accept the requests on port 443 and redirect them to another port (8080) where haproxy is waiting. Then haproxy redirects the connection to the app servers. This setup seems to work, but when I open the web page of the load balancer there is a warning about 'mixed content', saying that there is insecure HTTP content transferred along with HTTPS, and only when I click on 'disable protection on this page' am I able to see the full content.
here is my config ->
–-
apache->
<VirtualHost *:443>
SSLEngine on
SSLProxyEngine on
RewriteEngine On
SSLCertificateFile /home/hap/certif.cer
SSLCertificateKeyFile /home/hap/certif.key
SSLCertificateChainFile /home/hap/certif.crt
ProxyPass / http://192.168.100.142:8080/
ProxyPassReverse / http://192.168.100.142:8080/
<Proxy http://127.0.0.1:8080/*>
Allow from all
</Proxy>
</VirtualHost>
haproxy->
global
maxconn 4096
user haproxy
group haproxy
daemon
spread-checks 5 # 5%
# uncomment this to get debug output
debug
defaults
log global
mode http
option httplog
option dontlognull
retries 3
option redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
frontend web
bind *:8080
mode http
default_backend app1
backend app1
mode http
option httpclose
balance roundrobin
cookie SRVID insert indirect nocache
option nolinger
option httpchk GET / HTTP/1.0\r\nUser-Agent:\ HAProxy
server app1_1 192.168.100.131:80 cookie app1_1 check inter 10s rise 2 fall 2
server app1_2 192.168.100.132:80 cookie app1_2 check inter 10s rise 2 fall 2
Could anyone provide any input on why this is happening and how it could be resolved?
Thank you in advance.
-
Are there img, link, or script tags on your content which contain "http://"? If so, that's the issue.
-
Indeed, like Jason writes, it's likely the page contains content that it tries to read from http://something.. You might also want to give haproxy-devel a try, as it natively supports SSL. Also, as a possible workaround if the webserver URL generation cannot be changed, you can have the backend connection created over SSL to the webservers.