@arlinux wrote:
Hello,
I have haproxy with SSL termination config.
frontend http-in log global maxconn 50000 timeout http-request 5s option forwardfor bind x.x.x.x:80 reqadd X-Forwarded-Proto:\ http mode http redirect scheme https code 301 frontend secure-s log global mode http maxconn 50000 option http-server-close bind x.x.x.x:443 name seapps ssl crt /usr/local/ssl/wc/nwc_rn.pem crt /usr/local/ssl/wc/fullchain.pem alpn h2,http/1.1 acl hsts_exists res.hdr_cnt(Strict-Transport-Security) gt 0 http-response add-header Strict-Transport-Security max-age=31536000;\ includeSubDomains if ! hsts_exists rspadd Content-Security-Policy:\ upgrade-insecure-requests reqadd X-Forwarded-Proto:\ https redirect scheme https code 301 if !{ ssl_fc } default_backend apps backend apps option forwardfor option http-server-close option tcp-smart-connect cookie SERVERID insert server ap1 192.168.1.10:80 maxconn 1000 cookie 1 check server ap2 192.168.1.11:80 maxconn 1000 cookie 2 checkOn Apache server
<VirtualHost *:80> ServerName sd.example.com DocumentRoot /html/static RewriteEngine on #remove slash RewriteRule ^/search-(.*?)-products\/$ /search-$1-products [R=301,L] ... ... </VirtualHost>Now, When I hit
$curl -I https://sd.example.com/search-hr-ele-equip-products/ HTTP/1.1 301 Moved Permanently Date: Mon, 21 May 2018 06:44:17 GMT Server: Apache Location: http://sd.example.com/search-hr-ele-equip-products Content-Type: text/html; charset=iso-8859-1 Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: upgrade-insecure-requests Set-Cookie: SERVERID=1; path=/Location: http://sd.example.com/search-hr-ele-equip-products -----> Again get to https with 301 -I need to eliminate this. Please advise - if I need to add some rules in Apache ?
Posts: 2
Participants: 1