Commit b957d55

Redirect http > https
In order to prevent duplicate configurations, refer to the core config in stepup. `option forwarded` produced an error (haproxy would not start), so changed to `forwardfor`
1 parent b8f6cdd commit b957d55

3 files changed

+14
-7
lines changed

core/haproxy/haproxy.cfg

Lines changed: 7 additions & 4 deletions
@@ -8,9 +8,9 @@ global
88
group haproxy
99
ulimit-n 9000
1010
ssl-default-bind-options no-sslv3 no-tls-tickets
11-
ssl-default-bind-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
11+
ssl-default-bind-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
1212
ssl-default-server-options no-sslv3 no-tls-tickets
13-
ssl-default-server-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
13+
ssl-default-server-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
1414
stats socket 127.0.0.1:14567
1515
stats socket /var/lib/haproxy/haproxy.stats mode 660 level admin user haproxy group haproxy expose-fd listeners
1616
server-state-file /var/lib/haproxy/state
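Review bot: Lines 11 and 13 (`ssl-default-bind-ciphers` and `ssl-default-server-ciphers`) are removed and re-added with the same visible text, so this looks like a whitespace-only change; drop it from this commit or mention it in the message. The commit message also describes replacing `option forwarded` with `forwardfor`, but no such line appears in either hunk of this file, so either that change is missing from the commit or the message should be trimmed to match.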
@@ -46,9 +46,12 @@ resolvers docker
4646
hold obsolete 10s
4747

4848
frontend fe_web
49-
bind *:443 ssl crt /usr/local/etc/haproxy/haproxy.pem no-sslv3 no-tlsv10 no-tlsv11 alpn h2,http/1.1 transparent
49+
bind *:443 ssl crt /usr/local/etc/haproxy/haproxy.pem no-sslv3 no-tlsv10 no-tlsv11 alpn h2,http/1.1 transparent
5050
bind *:80
51-
http-request set-header X-Forwarded-Proto https
51+
52+
http-request redirect scheme https code 301 if !{ ssl_fc }
53+
http-request set-header X-Forwarded-Proto https if { ssl_fc }
54+
5255
use_backend stat if { path -i /haproxy }
5356
use_backend %[req.hdr(host),lower,map(/usr/local/etc/haproxy/backends.map)]
5457
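Review bot: The redirect at new line 52 uses `code 301`, which browsers may cache and which allows a client to resend a POST as a GET; if anything other than GET can arrive on port 80, `code 308` preserves the method and body. The redirect on its own still leaves the first request in cleartext, so consider also setting a `Strict-Transport-Security` response header for TLS requests if that suits this environment. The `if { ssl_fc }` condition on new line 53 is redundant once line 52 has redirected every non-TLS request, though it is harmless to keep.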

stepup/docker-compose.yml

Lines changed: 3 additions & 1 deletion
@@ -2,12 +2,14 @@
22
services:
33

44
haproxy:
5-
image: ghcr.io/openconext/openconext-basecontainers/haproxy26:latest
5+
image: ghcr.io/openconext/openconext-basecontainers/haproxy28:latest
66
ports:
77
- 80:80
88
- 443:443
99
volumes:
1010
- ../core/haproxy/haproxy.pem:/usr/local/etc/haproxy/haproxy.pem
11+
- ../core/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
12+
- ../core/haproxy/backends.map:/usr/local/etc/haproxy/backends.map:ro
1113
networks:
1214
openconextdev:
1315
aliases:
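Review bot: New line 5 moves the image from `haproxy26` to `haproxy28` but keeps the mutable `:latest` tag, and the commit message does not mention the version bump; pin a version tag or digest so the shared haproxy.cfg is always tested against a known HAProxy build, and note the upgrade in the message. The two new mounts on lines 11 and 12 are `:ro`, while the existing haproxy.pem mount on line 10 is still writable; since that file holds the certificate and key, adding `:ro` there as well would be consistent.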

stepup/haproxy/Readme.txt

Lines changed: 4 additions & 2 deletions
@@ -1,2 +1,4 @@
1-
The haproxy,.crt file here is a copy of the ../../core/haproxy/haproxy.crt. It is mounted in the containers to be added
2-
to the CA trust store. It cannot be a symlink, because that would break the file in the container.
1+
The haproxy.crt file here is a copy of the ../../core/haproxy/haproxy.crt. It is mounted in the containers to be added
2+
to the CA trust store. It cannot be a symlink, because that would break the file in the container.
3+
4+
The HAProxy configuration (haproxy.cfg) is shared with core and mounted from ../../core/haproxy/haproxy.cfg.
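Review bot: New line 4 documents only haproxy.cfg as shared with core, but the docker-compose.yml change in this commit also mounts `../core/haproxy/backends.map` from core. Mention backends.map here too, so that someone editing the map knows it affects both environments.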
