3

I have two servers which have the same URL but the port number may change.

I want to redirect these two URLs HTTPS.

If I enter my first URL (http://example.com) then I want to it will redirect to https://example.com.

If I enter second URL (http://example.com:8080) then I want to it redirect to https://example.com:8080.

See My Configurations:

frontend www-HTTP
  bind *:80
  bind *:443 ssl crt /etc/apache2/ssl/apache.pem
  reqadd X-Forwarded-Proto:\ https
  default_backend tcp-backend
  mode tcp

frontend TCP-HTTP
  bind *:8080
  bind *:8443 ssl crt /etc/apache2/ssl/paritech.pem
  reqadd X-Forwarded-Proto:\ https
  default_backend www-backend
  mode tcp

backend www-backend
  redirect scheme https if !{ ssl_fc }
  server dev.example.com 192.168.1.120:8080 check

backend TCP-backend
  redirect scheme https if !{ ssl_fc }
  server qa.example.com 192.168.1.120:80 check

How can I redirect 8080 over 8443 for HTTPS..

GregL
  • 9,370
  • 2
  • 25
  • 36
parag bharne
  • 33
  • 1
  • 4
  • What have you tried? Also, I don't think you can use the `redirect scheme` options if you're in `mode tcp`, but I could be wrong. – GregL Feb 07 '17 at 12:31
  • if my configurations was wrong then please suggest me @GregL , I want to redirect the request to the backend for https – parag bharne Feb 07 '17 at 12:56
  • I think just changing your modes from `tcp` to `http` will fix it for you. In `mode tcp` the front-end will do the SSL termination, but the redirects in the backends won't work because that's a layer 7 job, which you're not doing. – GregL Feb 07 '17 at 13:05
  • in case of 80 it will work fine but not working in case of 8080 over 8443, how 8080 will know it goes to 8443 for ssl @GregL – parag bharne Feb 07 '17 at 13:58
  • Are you wondering how it will work, or are you saying it doesn't work? – GregL Feb 07 '17 at 14:02
  • it works for 80 redirects to https backends over 443, but 8080 not redirect. I want to take port 8443 as SSL port for 8080. – parag bharne Feb 07 '17 at 14:12

1 Answers1

5

The documentation of redirect scheme says

With "redirect scheme", then the "Location" header is built by concatenating with "://" then the first occurrence of the "Host" header, and then the URI path, including the query string...

There is the problem: it is using the Host Header and there is your 8080...

Here is a possible solution:

http-request replace-header Host ^(.*?)(:[0-9]+)?$ \1:8443
http-request redirect scheme https if !{ ssl_fc }

That replace the Host header with the correct port...

Lutz Reinhardt
  • 168
  • 7