HAProxy redirecting http to https ssl

Question

I m using HAProxy for load balancing and only want my site to support https  Thus  I d like to redirect all requests on port 80 to port 443    How would I do this   Edit  We d like to redirect to the same url on https  preserving query params  Thus  http   foo com bar would redirect to https   foo com bar

User · Answer

Add this into the HAProxy frontend config   acl http      ssl fc not http-request redirect scheme https if http      HAProxy - Redirecting HTTP Requests

User · Answer

Like Jay Taylor said  HAProxy 1 5-dev has the redirect scheme configuration directive  which accomplishes exactly what you need   However  if you are unable to use 1 5  and if you re up for compiling HAProxy from source  I backported the redirect scheme functionality so it works in 1 4  You can get the patch here  http   marc info  l haproxy amp m 138456233430692 amp w 2

User · Answer

In newer versions of HAProxy it is recommended to use   http-request redirect scheme https if    ssl fc     to redirect http traffic to https

User · Answer

Simply  frontend incoming requsts         bind   80         bind   443 ssl crt  path to cert    pem             http-request redirect scheme https unless   ssl fc             default backend k8s nodes

User · Answer

According to http   parsnips net haproxy-http-to-https-redirect  it should be as easy as configuring your haproxy cfg to contain the follow    ---------------------------------------------------------------------   Redirect to secured  --------------------------------------------------------------------- frontend unsecured   80     redirect location https   foo bar com   ---------------------------------------------------------------------   frontend secured  --------------------------------------------------------------------- frontend  secured   443    mode  tcp    default backend      app   ---------------------------------------------------------------------   round robin balancing between the various backends  --------------------------------------------------------------------- backend app     mode  tcp     balance roundrobin     server  app1 127 0 0 1 5001 check     server  app2 127 0 0 1 5002 check     server  app3 127 0 0 1 5003 check     server  app4 127 0 0 1 5004 check

User · Answer

The best guaranteed way to redirect everything http to https is   frontend http-in    bind   80    mode http    redirect scheme https code 301   This is a little fancier using    code 301   but might as well let the client know it   s permanent  The    mode http    part is not essential with default configuration  but can   t hurt  If you have mode tcp in defaults section  like I did   then it   s necessary

User · Answer

Can be done like this -    frontend http-in    bind   80    mode http    redirect scheme https code 301   Any traffic hitting http will redirect to https

User · Answer

redirect statement is legacy  use http-request redirect instead  acl http      ssl fc not http-request redirect scheme https if http

User · Answer

frontend unsecured   80     mode http     redirect location https   foo bar com

User · Answer

acl host-example hdr host  -i www example com      for everything not https   http-request redirect scheme https code 301 unless   ssl fc        for anything matching acl   http-request redirect scheme https code 301 if host-example    ssl fc

User · Answer

I don t have enough reputation to comment on a previous answer  so I m posting a new answer to complement Jay Taylor s answer  Basically his answer will do the redirect  an implicit redirect though  meaning it will issue a 302  temporary redirect   but since the question informs that the entire website will be served as https  then the appropriate redirect should be a 301  permanent redirect    redirect scheme https code 301 if    ssl fc     It seems a small change  but the impact might be huge depending on the website  with a permanent redirect we are informing the browser that it should no longer look for the http version from the start  avoiding future redirects  - a time saver for https sites  It also helps with SEO  but not dividing the juice of your links

User · Answer

A slight variation of user2966600 s solution     To redirect all except a single URL  In case of multiple frontend backend    redirect scheme https if    hdr Host  -i www mydomain com      ssl fc

User · Answer

Why don t you use ACL s to distinguish traffic   on top of my head   acl go sslwebserver path bar use backend sslwebserver if go sslwebserver   This goes on top of what Matthew Brown answered   See the ha docs   search for things like hdr dom and below to find more ACL options   There are plenty of choices

User · Answer

To redirect all traffic    redirect scheme https if    ssl fc    To redirect a single url  In case of multiple frontend backend    redirect scheme https if   hdr Host  -i www mydomain com      ssl fc

User · Answer

If you want to rewrite the url  you have to change your site virtualhost adding this lines       Enabling mod rewrite Options FollowSymLinks RewriteEngine on      Rewrite http      gt  https    RewriteCond   SERVER PORT  80  RewriteRule        https     HTTP HOST  1  R 301 NC L    But  if you want to redirect all your requests on the port 80 to the port 443 of the web servers behind the proxy  you can try this example conf on your haproxy cfg                Global              global     maxconn 100     spread-checks 50     daemon     nbproc 4                 Defaults                defaults     maxconn 100     log global     mode http     option dontlognull     retries 3     contimeout 60000     clitimeout 60000     srvtimeout 60000                          Frontend  HTTP-IN                         frontend http-in     bind   80     option logasap     option httplog     option httpclose     log global     default backend sslwebserver                              Backend  SSLWEBSERVER                             backend sslwebserver     option httplog     option forwardfor     option abortonclose     log global     balance roundrobin       Server List     server sslws01 webserver01 443 check     server sslws02 webserver02 443 check     server sslws03 webserver03 443 check   I hope this help you

User · Answer

I found this to be the biggest help   Use HAProxy 1 5 or newer  and simply add the following line to the frontend config   redirect scheme https code 301 if    ssl fc

[http] HAProxy redirecting http to https (ssl)

Examples related to http

Examples related to redirect

Examples related to ssl

Examples related to https

Examples related to haproxy