Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to configure ssl offloading with haproxy and pfsense

    Cache/Proxy
    2
    3
    2122
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kulpreet last edited by

      Hello guys ,

      I would like to know how to configure ssl offloading with pf-sense and  haproxy . How this setup will work .Do i need to put backend server on 443 as well instead of port 80. I have confusion here  as my first page work fine but rest of the pages on my site it comes with normal 80 port instead of 443 . Any idea how to configure this setup properly?

      1 Reply Last reply Reply Quote 0
      • P
        PiBa last edited by

        Hi Kulpreet,

        Problem is likely that your website is using 'absolute' urls, and because the backend is configured to use 'http' it will generate links to```
        page2

        
To 'fix' this the backend should preferable use 'relative' urls which will automatically pick up the scheme and domain that where used to make the request:

        page2

        
This is part of the 'body' of a reply and that is not something haproxy can 'rewrite'.. Haproxy could 'hint' to the backend that the connection is secure by adding a " X-Forwarded-Proto: HTTPS" in the request, but then still the web application needs to generate the appropriate urls..

Easy 'solution' could indeed be to put the backend on 443 with ssl.. But that does come with a slight performance penalty because traffic needs to be re-encrypted and decrypt ed again. Other option is to not offload at all, but then you have less acl's / options available..

Sorry there is no easy&perfect solution to this issue..

Regards,
PiBa-NL
        1 Reply Last reply Reply Quote 0
        • K
          kulpreet last edited by

          thanks PiBa-NL for your reply and suggestions.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy