Docker Community Forums

Share and learn in the Docker community.

Haproxy force_ssl configuration not working


(Peterlauri) #1

I have a service that expose port 80. And I link that service in haproxy service. All works fine, until I try to establish SSL termination. Actually, the SSL termination works, but I cannot get the FORCE_SSL setting to work as I expect it to work. With the below configuration (image), I can access https://.com with SSL termination functional as it should. But if I go to http://.com I get connection refused in the browser.

I’m using haproxy service, and have read documentation here:


https://docs.docker.com/docker-cloud/tutorials/load-balance-hello-world/

My service configuration of the service that is linked to haproxy:

Haproxy configuration is 80:80 and 443:443.


(Andrew) #2

It sounds like it is running correctly, it is blocking http, what you need to do is redirect http to https, not block http.

try adding

‘EXTRA_SETTINGS=acl is_http hdr(X-Forwarded-Proto) http,redirect scheme https code 301 if is_http’

We use it on our individual service, and don’t force on the haproxy, but I don’t see why it wouldn’t work on the haproxy service

A useful resource might be https://www.haproxy.com/doc/aloha/7.0/haproxy/http_redirection.html


(Peterlauri) #3

I didn’t try your approach @learningstaircase, but I got it to work. I was missing the VIRTUAL_HOST setting for the http:// scheme. I thought only one pattern was allowed. But when reading the docs here it states that it is a comma separated list.

The following configuration worked for me.