OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: nibblerrick on November 13, 2019, 10:31:40 am

Title: [solved] HAproxy with https-redirect and letsencrypt http-01
Post by: nibblerrick on November 13, 2019, 10:31:40 am
Hi,

I am a little bit stuck with this situation:
Using the letsencrypt plugin with http-01 challenge and haproxy. Default configuration works.
Now I'd like to redirect the incoming http/port 80 traffic to ssl/443, which works fine by defining a condition in haproxy for not-ssl-traffic to be redirected.
But this redirect-rule seems to match before the acme-challenge-rule.
I thought if I modify the acme-rule to use the acme-condition AND not-ssl-condition it should work because it's more specific. But it doesn't.
I tried to find something about this behaviour and read somewhere http-redirect rules are always executed before the other rules but don't know if that's right.

So... what's the correct way to catch the acme-condition and send it to the backend before the ssl-redirect-rule takes effect?

The only similar thing in this forum I could find was in the German section https://forum.opnsense.org/index.php?topic=7880.msg36600#msg36600 but there isn't an answer.

Thanks
Title: Re: [solved] HAproxy with https-redirect and letsencrypt http-01
Post by: nibblerrick on November 13, 2019, 02:56:28 pm
I think I got it, I made a copy of the condition for the acme-challenge but checked the negate option and added this condition to the https-redirect-rule. Now things work as expected.
Maybe this is a little bit more elegant to achieve with a custom rule.
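
The fix described in this thread, written out as raw HAProxy configuration. This is an added example, not the poster's configuration or the file the OPNsense plugin generates; the frontend and backend names and the local ACME listener address are placeholders. HAProxy evaluates `http-request` rules before `use_backend` rules regardless of their order in the file, so the redirect itself has to exempt the challenge path.

```haproxy
# Constructed example: names and addresses are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http_in
    bind :80

    # ACME http-01 validation requests arrive over plain HTTP under this path.
    acl is_acme path_beg /.well-known/acme-challenge/

    # Before: the redirect matches every non-TLS request, including the
    # challenge, and is applied before any use_backend rule is considered.
    #   http-request redirect scheme https code 301 if !{ ssl_fc }

    # After: the negated ACME condition keeps challenge requests on HTTP.
    http-request redirect scheme https code 301 if !{ ssl_fc } !is_acme

    # Only the exempted requests reach this rule.
    use_backend acme_challenge if is_acme

backend acme_challenge
    # Placeholder address for the local ACME client's HTTP listener.
    server acme_client 127.0.0.1:8402
```

Running `haproxy -c -f <file>` checks the syntax. After reloading, a plain-HTTP request for a path under `/.well-known/acme-challenge/` should be answered by the backend, while any other plain-HTTP path should return the 301 to HTTPS.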