How to configure ssl offloading with haproxy and pfsense



  • Hello guys,

    I would like to know how to configure SSL offloading with pfSense and HAProxy. How will this setup work? Do I need to put the backend server on 443 as well, instead of port 80? I am confused here, as my first page works fine but the rest of the pages on my site come up on the normal port 80 instead of 443. Any idea how to configure this setup properly?



  • Hi Kulpreet,

    Problem is likely that your website is using 'absolute' urls, and because the backend is configured to use 'http' it will generate links to:
    page2

    
    To 'fix' this the backend should preferably use 'relative' urls which will automatically pick up the scheme and domain that were used to make the request:
    

    page2

    
    This is part of the 'body' of a reply and that is not something haproxy can 'rewrite'. Haproxy could 'hint' to the backend that the connection is secure by adding an "X-Forwarded-Proto: HTTPS" header in the request, but then the web application still needs to generate the appropriate urls.
    
    Easy 'solution' could indeed be to put the backend on 443 with ssl. But that does come with a slight performance penalty because traffic needs to be re-encrypted and decrypted again. Other option is to not offload at all, but then you have fewer acl's / options available.
    
    Sorry, there is no easy & perfect solution to this issue.
    
    Regards,
    PiBa-NL
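
An added example (not part of the original posts) of the backend side of the X-Forwarded-Proto hint described in the reply above: a small WSGI app that builds its absolute links from the forwarded scheme, but only when the request really came from the offloader. The proxy address, host name and helper names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumptions: the address HAProxy/pfSense connects from, and the site's host name.
TRUSTED_PROXIES = [ip_network("192.0.2.10/32")]
ALLOWED_HOSTS = {"www.example.test"}
CANONICAL_HOST = "www.example.test"

# Proxy side: the frontend should overwrite (not append) the header, e.g. in HAProxy:
#   http-request set-header X-Forwarded-Proto https if { ssl_fc }


def request_scheme(environ):
    """Return the scheme the client used, as reported by the trusted offloader."""
    peer = ip_address(environ.get("REMOTE_ADDR", "0.0.0.0"))
    forwarded = environ.get("HTTP_X_FORWARDED_PROTO", "").strip().lower()
    # Believe the header only when the TCP peer is the proxy itself; a client
    # that reaches the backend directly can send any header value it likes.
    if forwarded in ("http", "https") and any(peer in net for net in TRUSTED_PROXIES):
        return forwarded
    return environ.get("wsgi.url_scheme", "http")


def absolute_url(environ, path):
    """Build an absolute link that keeps the scheme of the original request."""
    host = environ.get("HTTP_HOST", "")
    if host not in ALLOWED_HOSTS:  # do not reflect an arbitrary Host header
        host = CANONICAL_HOST
    return f"{request_scheme(environ)}://{host}{path}"


def app(environ, start_response):
    # The relative link needs no scheme logic; the absolute one uses the hint.
    body = (
        '<a href="/page2">page2 (relative)</a>\n'
        f'<a href="{absolute_url(environ, "/page2")}">page2 (absolute)</a>\n'
    ).encode()
    headers = [("Content-Type", "text/html"), ("Content-Length", str(len(body)))]
    start_response("200 OK", headers)
    return [body]


def render(environ):
    """Call the app once with a constructed environ and return the HTML."""
    return b"".join(app(environ, lambda status, headers: None)).decode()
```
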


  • Thanks PiBa-NL for your reply and suggestions.

