Currently all traffic is coming to backend servers, which is running on port 80. However we want to redirect some pages to https. This means that whenever the customer hits on login page, logout page present in the website. It should be redirected to https.
When a customer hits on the login button it redirect to https but using haproxy it doesn't work.
https://XXXXXXXX.com/customer/account/login/
We have already installed ssl in both the servers.
However, redirection is not working from http to https.
Please suggest what I should try.
It would be best to use HAproxy to terminate the SSL and talk to the backend servers via HTTP rather than having both HAproxy and the webserver doing SSL.
There is a good SSL setup tutorial here https://www.digitalocean.com/community/tutorials/how-to-implement-ssl-termination-with-haproxy-on-ubuntu-14-04
Related
I have Angular app in IIS, which is configured to work as reverse proxy, directing requests to node backend running in same server. From node there is a redirect third party login. The problem is that when trying to redirect to this third party login page from my node backend, something adds to URL my apps URL like:
myapp.com/thirdpartyurl
even though it should only be:
thirdpartyurl
Does anyone have a clue what might be wrong?
We have a load-balancer sitting in front of two wildfly servers. The load-balancer handles the SSL handshake and forces all traffic over https (http requests are redirected to https requests), the wildfly nodes do not have certificates on them and traffic between load balancer and servers is unencrypted, the wildfly nodes know nothing about the SSL.
When a user hits a protected page the wildfly presents them with a login page. User enters credentials and submits the login form. The wildfly logs user in and then sends a redirect to the user to send them to the desired page. The redirect sent by the wildfly is an HTTP redirect. This gets grabbed by the load-balancer and redirected to HTTPS but I really want to avoid that second redirect. How can I tell the wildfly to return HTTPS redirect after login instead of HTTP?
I followed link but not sure how to deal same between wildlfy undertow load-balancer and wildfly server.
I followed this link also but didn't get any luck.
Below is the detailed solution explanation for the above problem:
We have a load-balancer sitting in front of two wildfly servers. The load-balancer handles the SSL handshake and forces all traffic over https , the wildfly nodes do not have certificates on them and traffic between load balancer and servers is unencrypted, the wildfly nodes know nothing about the SSL.The communication between load balancer and wildfly nodes is via http protocol.
When a user hits a protected page e.g. https://someip/app
Request flow is as below:
Client browser to load balancer via https
Load balancer to wildlfy nodes via http protocol .
It worked after adding proxy-address-forwarding="true" in wildlfy server node's http
listener .
So I have spinnaker running behind an https load balancer and my external ports use the standard 443 which get port mapped to the spinnaker instance still on port 9000. I've gotten pretty much everything to work except a redirect from gate is still appending the :9000 port to my URL.
requests sent to https://my.url.com/gate/auth/redirect?to=https://my.url.com/#/infrastructure send back a redirect response with the location header in the 301 location:https://my.url.com:9000/gate/login which fails because the load balancer is only listening for 443. If I manually delete the port and go right to https://my.url.com/gate/login the oauth flow works as expected and once authed all deck functionality and subsequent gate queries work as expected.
In my /etc/default/spinnaker file I have
SPINNAKER_DECK_BASEURL=https://my.url.com
SPINNAKER_GATE_BASEURL=https://my.url.com/gate
in /opt/spinnaker/config/gate-googleOAuth.yml I have
spring:
oauth2:
client:
preEstablishedRedirectUri: ${SPINNAKER_GATE_BASEURL}/login
useCurrentUri: false
and I've ran /opt/spinnaker/bin/reconfigure_spinnaker.sh plus restarts to make sure deck and gate get updated. Does anyone have any ideas what I might be missing?
I figured out my problem. With the help of this issue pointing me in the right direction (https://github.com/spinnaker/spinnaker/issues/1112) and some digging I found that the issue was with apache2 and the reverse proxy back to gate.
ProxyPassReverse
This directive lets Apache httpd adjust the URL in the Location, Content-Location
and URI headers on HTTP redirect responses. This is essential when Apache httpd
is used as a reverse proxy (or gateway) to avoid bypassing the reverse proxy because
of HTTP redirects on the backend servers which stay behind the reverse proxy.
from apache2 documentation https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse
I'm using a package that connects to a database and presents the database schema as APIs. The package provides the service as a webserver. I can choose to use any port, but it's still HTTP. Even if I run it with port 443, requests must be in the form of http://mydomain:443/
I may be forced to provide the service through SSL. Is it possible to run a webserver which would redirect HTTPS requests to redirect to the package running HTTP on port 80, with the outgoing traffic going back through the webserver to clients as SSL? Essentially, I need some kind of wrapper around the existing app to provide SSL.
If such a thing is possible, which webserver would be the best choice and easiest to administer on Linux?
I'm trying to implement a local web server that handle all the http requests.
Basically, when a user connect to the network and open an url, he is redirected to my local web server.
I'm using dns mask for this purpose and it works pretty well for HTTP traffic.
The problem is with the HTTPS traffic (especially the case when a user perform a search in the chrome navigation bar).
I tried running the server on https with some iptables rules without success.
Is there a way to redirect the https traffic to my local web server ?
Thanks