HAProxy w/SSL termination and unprotected content

Mark Haney mark.haney at vifprogram.com
Thu Feb 11 16:32:21 UTC 2016 

I'm working on setting up a HAProxy load balancer with SSL termination for
adding a second web server to our website.  The site is a Joomla based site
and is currently HTTPS-only, which is fine.  I'd prefer having the SSL
terminated on HAProxy, but something weird is happening and I'm at a loss.

We've got a verified wildcard SSL certificate for our site which is now
setup on the HAProxy server.  The pair of backend servers are both directly
accessible via HTTP without trouble.  The problem occurs when I connect to
the servers via HTTPS through the load balancer.  Firefox and Chrome both
don't completely render the page at all and I get a warning (in Firefox)
about parts of the page being blocked for being unencrypted.

Clicking the lock in the address bar in FF I get a message that the
connection was 'partially encrypted'.  Looking through the list of files
not encrypted it lists most of the image files, css and jscript files on
the page.

I don't get it.  Every tutorial I've googled has the same basic setup as I
have, but there's no mention of this being a problem.  I don't even have
port 80 open on the HAProxy server, so the fact that the files weren't
encrypted makes no sense.

Any ideas?  Something I've missed?  I've included my haproxy.cfg file if
it'll help.  This copy doesn't have the HTTP port config commented out, but
that's the only difference.


-- 

Mark Haney ::: Senior Systems Engineer
*VIF* International Education
P.O. Box 3566 ::: Chapel Hill, N.C. 27515 ::: USA
919-265-5006 office

Global learning for all.
www.vifprogram.com
<http://www.vifprogram.com/?utm_source=signature&utm_medium=email&utm_campaign=VIF>
Find VIF on Facebook <http://facebook.com/VIFInternationalEducation> |
Twitter <https://twitter.com/vifglobaled> | LinkedIn
<http://www.linkedin.com/company/vif-international-education>

Recognized as a ‘Best for the World’
<http://bestfortheworld.bcorporation.net/> B Corp!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20160211/35245bba/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: haproxy.cfg
Type: application/octet-stream
Size: 1518 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20160211/35245bba/attachment.obj>

More information about the ubuntu-users mailing list