HAProxy w/SSL termination and unprotected content

Mark Haney mark.haney at vifprogram.com
Mon Feb 15 14:23:36 UTC 2016 

Hi Sandeep,


I had a running SSL Passthrough configuration all ready built, but had
decided even before that to use SSL termination.  Since that didn't work, I
just went back to the working configuration I had.  I do appreciate the
sample config though.  Like always the Ubuntu list comes through.


On Sat, Feb 13, 2016 at 3:13 AM, sandeep.kose at gmail.com <
sandeep.kose at gmail.com> wrote:

> Missed HAPorxy file in previous mail so attaching in this email.
>
> Thanks & Regards,
> ---
> Sandeep Kose
>
> On Sat, Feb 13, 2016 at 1:41 PM, sandeep.kose at gmail.com <
> sandeep.kose at gmail.com> wrote:
>
>> Hello,
>>
>> I did setup of HAProxy 1.5 on Ubuntu 14.04.3 LTS for HTTP and HTTPs and
>> it is working fine for both. I used *SSL Pass-Through *instead of SSL
>> termination. in the *SSL Pass-Through* SSL connections directly sends to
>> the proxied/backend servers, the SSL connection is terminated at each
>> proxied server. Here SSL certificates configured on backend apache instead
>> of HAProxy.
>>
>> Here is my scenario
>>
>> -- Two backend server running with Apache http and https directory to
>> serve OFBiz code
>> -- HAProxy placed before two backend server to managing load for http and
>> https traffic with sticky session and failover.
>>
>> I am sharing my HAProxy configuration file, see if it work for you. if
>> you don't want use http traffic the remove http block from file.
>>
>> Thanks & Regards,
>> ---
>> Sandeep Kose
>>
>>
>> On Thu, Feb 11, 2016 at 10:02 PM, Mark Haney <mark.haney at vifprogram.com>
>> wrote:
>>
>>> I'm working on setting up a HAProxy load balancer with SSL termination
>>> for adding a second web server to our website.  The site is a Joomla based
>>> site and is currently HTTPS-only, which is fine.  I'd prefer having the SSL
>>> terminated on HAProxy, but something weird is happening and I'm at a loss.
>>>
>>> We've got a verified wildcard SSL certificate for our site which is now
>>> setup on the HAProxy server.  The pair of backend servers are both directly
>>> accessible via HTTP without trouble.  The problem occurs when I connect to
>>> the servers via HTTPS through the load balancer.  Firefox and Chrome both
>>> don't completely render the page at all and I get a warning (in Firefox)
>>> about parts of the page being blocked for being unencrypted.
>>>
>>> Clicking the lock in the address bar in FF I get a message that the
>>> connection was 'partially encrypted'.  Looking through the list of files
>>> not encrypted it lists most of the image files, css and jscript files on
>>> the page.
>>>
>>> I don't get it.  Every tutorial I've googled has the same basic setup as
>>> I have, but there's no mention of this being a problem.  I don't even have
>>> port 80 open on the HAProxy server, so the fact that the files weren't
>>> encrypted makes no sense.
>>>
>>> Any ideas?  Something I've missed?  I've included my haproxy.cfg file if
>>> it'll help.  This copy doesn't have the HTTP port config commented out, but
>>> that's the only difference.
>>>
>>>
>>> --
>>>
>>> Mark Haney ::: Senior Systems Engineer
>>> *VIF* International Education
>>> P.O. Box 3566 ::: Chapel Hill, N.C. 27515 ::: USA
>>> 919-265-5006 office
>>>
>>> Global learning for all.
>>> www.vifprogram.com
>>> <http://www.vifprogram.com/?utm_source=signature&utm_medium=email&utm_campaign=VIF>
>>> Find VIF on Facebook <http://facebook.com/VIFInternationalEducation> |
>>> Twitter <https://twitter.com/vifglobaled> | LinkedIn
>>> <http://www.linkedin.com/company/vif-international-education>
>>>
>>> Recognized as a ‘Best for the World’
>>> <http://bestfortheworld.bcorporation.net/> B Corp!
>>>
>>> --
>>> ubuntu-users mailing list
>>> ubuntu-users at lists.ubuntu.com
>>> Modify settings or unsubscribe at:
>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>>>
>>>
>>
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>


-- 

Mark Haney ::: Senior Systems Engineer
*VIF* International Education
P.O. Box 3566 ::: Chapel Hill, N.C. 27515 ::: USA
919-265-5006 office

Global learning for all.
www.vifprogram.com
<http://www.vifprogram.com/?utm_source=signature&utm_medium=email&utm_campaign=VIF>
Find VIF on Facebook <http://facebook.com/VIFInternationalEducation> |
Twitter <https://twitter.com/vifglobaled> | LinkedIn
<http://www.linkedin.com/company/vif-international-education>

Recognized as a ‘Best for the World’
<http://bestfortheworld.bcorporation.net/> B Corp!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20160215/d486b073/attachment.html>

More information about the ubuntu-users mailing list