[stunnel-users] Using stunnel + haproxy for SSL support

Alberto Giménez lagimenez at gmail.com
Fri Apr 4 17:57:15 CEST 2008


Hi,

I'm having trouble using stunnel and haproxy to load balance https and
http traffic. To be honest, I really don't know whether it is stunnel
or haproxy related so I am going to contact both lists :)

I have set up a haproxy load balancer as http proxy for two backend
Apache2 webservers. It works fine.
I also have stunnel on the same LB to add SSL support (with
xforwardedfor patch installed). It works fine (mostly).

The issue is related to Apache trailing slash thingie. If I query
https://haproxy.domain.loc/hatest/ it works perfectly, but if I omit
the trailing slash: https://haproxy.domain.loc/hatest then following
things happen:

- Browser makes SSL connection with stunnel on port 443.
- stunnel deciphers and forwards the request on the haproxy attached
to LB's port 80.
- haproxy (now using plain http) forwards to one of the backends.
- Apache2 located on the backend replies with "301 moved permanently"
to force the browser to add the trailing slash. As Apache was queried
by *haproxy in plain http*, the 301 includes http:// on the Location
header. HTTPS is over from now!
- The client browser then rewrites the address to
http://haproxy.domain.loc/hatest/ and SSL is lost forever.

I've been googling and searching the lists but nothing found, just
this old message:

http://mirt.net/pipermail/stunnel-users/2007-January/001437.html

Has anyone found a workaround for that issue?

Thanks in advance.


-- 
Alberto Giménez
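
The redirect described in the message above can be checked for mechanically. This is an added example, not part of the original post: it flags any response that redirects an HTTPS request to plain HTTP. The function names are hypothetical and the sample responses are constructed from the URLs in the message.

```python
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def audit_hop(request_url, status, headers):
    """Return a finding dict if this response sends an HTTPS request to
    plain HTTP, otherwise None."""
    if status not in REDIRECTS:
        return None
    # Header names are case-insensitive.
    location = next((v for k, v in headers.items()
                     if k.lower() == "location"), None)
    if not location:
        return None
    # A relative Location inherits the request's scheme, so resolve it first.
    target = urljoin(request_url, location.strip())
    src, dst = urlsplit(request_url), urlsplit(target)
    if src.scheme != "https" or dst.scheme != "http":
        return None
    # Same host means the server behind the TLS terminator built an absolute
    # URL from the plain-HTTP connection it saw, as in the message above.
    same_host = (src.hostname or "").lower() == (dst.hostname or "").lower()
    return {"from": request_url, "to": target, "same_host": same_host}

# Constructed sample responses (request URL, status, response headers).
SAMPLES = [
    # The case from the message: backend answers with an http:// Location.
    ("https://haproxy.domain.loc/hatest", 301,
     {"Location": "http://haproxy.domain.loc/hatest/"}),
    # Trailing slash present: no redirect at all.
    ("https://haproxy.domain.loc/hatest/", 200, {}),
    # Relative Location: the browser stays on https.
    ("https://haproxy.domain.loc/hatest", 301, {"location": "/hatest/"}),
    # Absolute https Location: no downgrade.
    ("https://haproxy.domain.loc/hatest", 301,
     {"Location": "https://haproxy.domain.loc/hatest/"}),
]

def audit(samples):
    """Run audit_hop over every sample and keep only the findings."""
    return [f for f in (audit_hop(*s) for s in samples) if f]

if __name__ == "__main__":
    for f in audit(SAMPLES):
        where = "same host" if f["same_host"] else "different host"
        print(f"HTTPS downgrade ({where}): {f['from']} -> {f['to']}")
```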


