1
19.7 Legacy Series / [solved] HAproxy with https-redirect and letsencrypt http-01
« on: November 13, 2019, 10:31:40 am »
Hi,
I am a little bit stuck with this situation:
Using letsencryptlugin with http-01 challenge and haproxy. Default configuration works.
Now I like to redirect the incoming http/port 80 traffic to ssl/443, which works fine by defining a condition in haproxy for not-ssl-traffic to be redirected.
But this redirect-rule seems to match before the acme-challenge-rule.
I thought if I modify the acme-rule to use the acme-condition AND not-ssl-condition it should work because it's more specific. But it doesn't.
I tried to find something about this behaviour and read somewhere http-redirect rules are always executed before the other rules but don't know if that's right.
So... what's the correct way to catch the acme-condition and send it to the backend before the ssl-redirect-rule takes effect?
Only similar thin in this forum I could find was in the german section https://forum.opnsense.org/index.php?topic=7880.msg36600#msg36600 but there isn't an answer.
Thanks
I am a little bit stuck with this situation:
Using letsencryptlugin with http-01 challenge and haproxy. Default configuration works.
Now I like to redirect the incoming http/port 80 traffic to ssl/443, which works fine by defining a condition in haproxy for not-ssl-traffic to be redirected.
But this redirect-rule seems to match before the acme-challenge-rule.
I thought if I modify the acme-rule to use the acme-condition AND not-ssl-condition it should work because it's more specific. But it doesn't.
I tried to find something about this behaviour and read somewhere http-redirect rules are always executed before the other rules but don't know if that's right.
So... what's the correct way to catch the acme-condition and send it to the backend before the ssl-redirect-rule takes effect?
Only similar thin in this forum I could find was in the german section https://forum.opnsense.org/index.php?topic=7880.msg36600#msg36600 but there isn't an answer.
Thanks