0

Right now, I deployed some Amazon Elastic Load Balancers just because I'm using the free AWS SSL certificate for the domain *.mycompany.cxx. So, when a user opens https://service.mycompany.cxx, a load balancer forwards the request to a non-secure HTTP connection to a back-end server's port 80.

I would like to replace that Amazon's load balancers with one EC2 instance with HA Proxy. Don't worry about performance because it's for a development environment.

This is the idea:

  • Buy a new SSL certificate for my domain *.mycompany.cxx
  • Configure HAProxy in the same way: it should receives HTTPS requests in the port 443, and forwards them to the port 80 of different back-end servers. The users will be always connected with HTTPS. Behind the HAProxy server, the connections will be HTTP.

I know how to configure everything except forwarding from HTTPS to HTTP. Even, I don't know if that possible, and that is my question. Is it possible to do that?

EDIT: the name of this kind of proxy is SSL Termination Proxy (Wikipedia, DigitalOcean). Thanks @MarkB

JonDoe297
  • 1,601
  • 1
  • 15
  • 21
  • 2
    Search for "HAProxy SSL Termination" on Google and you will find tons of articles showing how to do this. – Mark B Jul 26 '16 at 16:03

1 Answers1

1

Yes, it's possible.

To make HAProxy accept HTTPS clients and forward their requests to a local non-HTTPS server listening on port 8080, you may have something like this:

frontend https
    mode http
    maxconn 1000
    bind 0.0.0.0:443 ssl crt /etc/haproxy/certs/fullchain.pem
    option forwardfor
    reqadd X-Forwarded-Proto:\ https

    use_backend app

backend app
    mode http
    server srv-app 127.0.0.1:8080 check
jweyrich
  • 31,198
  • 5
  • 66
  • 97