HAProxy w/SSL termination and unprotected content
sandeep.kose at gmail.com
sandeep.kose at gmail.com
Sat Feb 13 08:11:24 UTC 2016
Hello,
I did setup of HAProxy 1.5 on Ubuntu 14.04.3 LTS for HTTP and HTTPs and it
is working fine for both. I used *SSL Pass-Through *instead of SSL
termination. in the *SSL Pass-Through* SSL connections directly sends to
the proxied/backend servers, the SSL connection is terminated at each
proxied server. Here SSL certificates configured on backend apache instead
of HAProxy.
Here is my scenario
-- Two backend server running with Apache http and https directory to serve
OFBiz code
-- HAProxy placed before two backend server to managing load for http and
https traffic with sticky session and failover.
I am sharing my HAProxy configuration file, see if it work for you. if you
don't want use http traffic the remove http block from file.
Thanks & Regards,
---
Sandeep Kose
On Thu, Feb 11, 2016 at 10:02 PM, Mark Haney <mark.haney at vifprogram.com>
wrote:
> I'm working on setting up a HAProxy load balancer with SSL termination for
> adding a second web server to our website. The site is a Joomla based site
> and is currently HTTPS-only, which is fine. I'd prefer having the SSL
> terminated on HAProxy, but something weird is happening and I'm at a loss.
>
> We've got a verified wildcard SSL certificate for our site which is now
> setup on the HAProxy server. The pair of backend servers are both directly
> accessible via HTTP without trouble. The problem occurs when I connect to
> the servers via HTTPS through the load balancer. Firefox and Chrome both
> don't completely render the page at all and I get a warning (in Firefox)
> about parts of the page being blocked for being unencrypted.
>
> Clicking the lock in the address bar in FF I get a message that the
> connection was 'partially encrypted'. Looking through the list of files
> not encrypted it lists most of the image files, css and jscript files on
> the page.
>
> I don't get it. Every tutorial I've googled has the same basic setup as I
> have, but there's no mention of this being a problem. I don't even have
> port 80 open on the HAProxy server, so the fact that the files weren't
> encrypted makes no sense.
>
> Any ideas? Something I've missed? I've included my haproxy.cfg file if
> it'll help. This copy doesn't have the HTTP port config commented out, but
> that's the only difference.
>
>
> --
>
> Mark Haney ::: Senior Systems Engineer
> *VIF* International Education
> P.O. Box 3566 ::: Chapel Hill, N.C. 27515 ::: USA
> 919-265-5006 office
>
> Global learning for all.
> www.vifprogram.com
> <http://www.vifprogram.com/?utm_source=signature&utm_medium=email&utm_campaign=VIF>
> Find VIF on Facebook <http://facebook.com/VIFInternationalEducation> |
> Twitter <https://twitter.com/vifglobaled> | LinkedIn
> <http://www.linkedin.com/company/vif-international-education>
>
> Recognized as a ‘Best for the World’
> <http://bestfortheworld.bcorporation.net/> B Corp!
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20160213/f44e25a4/attachment.html>
More information about the ubuntu-users
mailing list