HAProxy w/SSL termination mixed content issue.


 



I've got a problem I can't quite figure out and I'm hoping a Fedora list member can give me a hand.  These systems are all Ubuntu based, but this doesn't appear to be an OS related issue as much as maybe I'm missing something with the configuration.  

We're needing to scale out one of our websites to multiple web servers.  We've already scaled the DB into a 4 node cluster using haproxy with great success, so the plan has been to use haproxy for load balancing the web servers as well.  (not the same haproxy, obviously)

The catch is that the existing website is HTTPS, and has been for well over a year.  I want to have the load balancer handle the SSL end and use straight HTTP to the web servers to ease application debugging.  As I'd never done SSL termination, I essentially copied one of the many template configs on the interwebs.  

Here's my problem.  When I pull the page from the web server itself (HTTP) it renders fine.  When I pull it through the load balancer (HTTPS) it doesn't, with an error about mixed content.  Based on my research this should make the client see everything as coming from an SSL source even if it doesn't:

frontend lc_www
    bind *:80
    bind *:443 ssl crt /etc/ssl/private/vif.pem
    acl secure dst_port eq 443
    redirect scheme https if !{ ssl_fc }
    rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains;\ preload
    rsprep ^Set-Cookie:\ (.*) Set-Cookie:\ \1;\ Secure if secure
    default_backend lc_webfarm

backend lc_webfarm
    http-request set-header X-Forwarded-Port %[dst_port]
    http-request add-header X-Forwarded-Proto https if { ssl_fc }

    server sb3 10.42.204.182:80

When I disable 'protection' in FF the site renders fine.  When I enable SSL on the web servers directly, I do not get this error at all (and have never received this error in the near two years it's been HTTPS only).  The website itself is joomla based, but I can't see how that's part of the problem.

Is there something weird with my config?  Or can someone begin to tell me where to start debugging?  BTW, this is using the latest Haproxy v1.6.  

Any ideas?  

--

Mark Haney ::: Senior Systems Engineer

VIF International Education
P.O. Box 3566 ::: Chapel Hill, N.C. 27515 ::: USA
919-265-5006 office

Global learning for all.
www.vifprogram.com
Find VIF on Facebook | Twitter | LinkedIn

Recognized as a ‘Best for the World’ B Corp!

Attachment: haproxy.cfg
Description: Binary data
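
One place to start debugging, as an added example that is not part of the original post: take the HTML the backend returns over plain HTTP and list the subresources a browser would load insecurely once the same page is delivered over HTTPS by the load balancer. The function names, the example.org URLs and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose insecure loads browsers block outright (active mixed content).
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
# (tag, attribute) pairs that make the browser fetch a subresource.
URL_ATTRS = {("script", "src"), ("iframe", "src"), ("embed", "src"),
             ("object", "data"), ("link", "href"), ("img", "src"),
             ("audio", "src"), ("video", "src"), ("source", "src")}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url      # URL the client sees (https://...)
        self.findings = []        # (kind, tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href"):
            # An http:// <base href> turns every relative URL insecure.
            self.base = urljoin(self.base, a["href"])
            return
        rel = (a.get("rel") or "").lower().split()
        if tag == "link" and not {"stylesheet", "icon"} & set(rel):
            return                # canonical, alternate, etc. are not fetched
        for name, value in attrs:
            if (tag, name) not in URL_ATTRS or not value:
                continue
            url = urljoin(self.base, value)
            if urlsplit(url).scheme == "http":
                active = tag in ACTIVE_TAGS or "stylesheet" in rel
                kind = "active" if active else "passive"
                self.findings.append((kind, tag, url))

def find_mixed_content(html, page_url):
    """Return subresources that load over http:// on an https:// page."""
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample of what a backend might emit when it only sees HTTP.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://www.example.org/css/template.css">
<link rel="canonical" href="http://www.example.org/">
<script src="/media/js/app.js"></script>
<script src="//cdn.example.net/lib.js"></script>
</head><body><img src="http://www.example.org/images/logo.png">
<a href="http://www.example.org/about">About</a></body></html>"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE, "https://www.example.org/"):
        print(f"{kind:8} <{tag}> {url}")
```

If the findings point at the site's own hostname, the backend application is generating absolute http:// URLs from the plain-HTTP request it receives.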
