0

https://www.foo.bar is my main domain.

I want to redirect as well everything to bar.foo.

It works fine with http requests, but if I try https://bar.foo, I get a certificate error and the redirect to https://www.foo.bar does not occur.

The relevant part from config should be:

    reqadd X-Forwarded-Proto:\ https
    reqadd X-Forwarded-Port:\ 443

    redirect prefix https://www.foo.bar code 301 if { hdr(host) -i foo.bar}

    redirect prefix https://www.foo.bar code 301 if { hdr(host) -i www.bar.foo }
    redirect prefix https://www.foo.bar code 301 if { hdr(host) -i bar.foo }

    redirect scheme https if !{ ssl_fc }

Where is my mistake? Thanks in Advance.

bentek
  • 2,235
  • 1
  • 15
  • 23
foo bar
  • 11
  • 3

1 Answers1

0

You can't redirect requests unless you have a valid certificate for the domain that is originally requested by the browser.

TLS must be successfully negotiated before the redirect can happen. That is a standard constraint in https, not specific to HAProxy. You need certificates that are valid for all domains for which you are serving any kind of requests, even redirects.

Michael - sqlbot
  • 22,658
  • 2
  • 63
  • 86