[solved] HAproxy with https-redirect and letsencrypt http-01

Started by nibblerrick, November 13, 2019, 10:31:40 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 13, 2019, 10:31:40 AM Last Edit: November 13, 2019, 02:56:57 PM by nibblerrick
Hi,

I am a little bit stuck with this situation:
Using letsencryptlugin with http-01 challenge and haproxy. Default configuration works.
Now I like to redirect the incoming http/port 80 traffic to ssl/443, which works fine by defining a condition in haproxy for not-ssl-traffic to be redirected.
But this redirect-rule seems to match before the acme-challenge-rule.
I thought if I modify the acme-rule to use the acme-condition AND not-ssl-condition it should work because it's more specific. But it doesn't.
I tried to find something about this behaviour and read somewhere http-redirect rules are always executed before the other rules but don't know if that's right.

So... what's the correct way to catch the acme-condition and send it to the backend before the ssl-redirect-rule takes effect?

Only similar thin in this forum I could find was in the german section https://forum.opnsense.org/index.php?topic=7880.msg36600#msg36600 but there isn't an answer.

Thanks
November 13, 2019, 02:56:28 PM #1
I think I got it, I made a copy of the condition for the acme-challenge but checked the negate option and added this condition to the https-redirect-rule. Now things work as expected.
Maybe this is a little bit more elegant to achieve with a custom rule.
Print
Go Up Pages1
User actions