11 changes: 7 additions & 4 deletions core/haproxy/haproxy.cfg
Expand Up @@ -8,9 +8,9 @@ global
group haproxy
ulimit-n 9000
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-bind-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
stats socket 127.0.0.1:14567
stats socket /var/lib/haproxy/haproxy.stats mode 660 level admin user haproxy group haproxy expose-fd listeners
server-state-file /var/lib/haproxy/state
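Review bot: the ssl-default-bind-ciphers and ssl-default-server-ciphers lines read the same before and after in this hunk, so the edit appears to be whitespace only, and both cipher strings still end in RSA+AESGCM:RSA+AES, which in OpenSSL cipher-string syntax selects static RSA key exchange with no forward secrecy. Since these lines are being touched anyway, consider dropping those two entries and keeping only the ECDH and DH groups. The unchanged context also keeps stats socket 127.0.0.1:14567 next to the admin-level unix socket; if the TCP socket is no longer needed, removing it in the same change would be worthwhile.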
Expand Down Expand Up @@ -46,9 +46,12 @@ resolvers docker
hold obsolete 10s

frontend fe_web
bind *:443 ssl crt /usr/local/etc/haproxy/haproxy.pem no-sslv3 no-tlsv10 no-tlsv11 alpn h2,http/1.1 transparent
bind *:443 ssl crt /usr/local/etc/haproxy/haproxy.pem no-sslv3 no-tlsv10 no-tlsv11 alpn h2,http/1.1 transparent
bind *:80
http-request set-header X-Forwarded-Proto https

http-request redirect scheme https code 301 if !{ ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }
Member

🥇


use_backend stat if { path -i /haproxy }
use_backend %[req.hdr(host),lower,map(/usr/local/etc/haproxy/backends.map)]
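Review bot: the redirect added for the new bind *:80 listener uses code 301, which clients are allowed to follow by turning a POST into a GET; if anything can post to the http:// URL, http-request redirect scheme https code 308 if !{ ssl_fc } preserves the method and body. With every plain-HTTP request now redirected before a backend is chosen, the if { ssl_fc } guard on X-Forwarded-Proto is always true for requests that reach a backend, so a short comment stating that port 80 exists only for the redirect would help the next reader.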

4 changes: 3 additions & 1 deletion stepup/docker-compose.yml
Expand Up @@ -2,12 +2,14 @@
services:

haproxy:
image: ghcr.io/openconext/openconext-basecontainers/haproxy26:latest
image: ghcr.io/openconext/openconext-basecontainers/haproxy28:latest
ports:
- 80:80
- 443:443
volumes:
- ../core/haproxy/haproxy.pem:/usr/local/etc/haproxy/haproxy.pem
- ../core/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
- ../core/haproxy/backends.map:/usr/local/etc/haproxy/backends.map:ro
Comment on lines +11 to +12
Member

I do not understand why these new volumes are required, dev leftover?

Contributor Author

This is the haproxy service that is the actual haproxy in stepup. So without this, it will not use the config files.

networks:
openconextdev:
aliases:
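Review bot: the image line moves from haproxy26:latest to haproxy28:latest, and with a :latest tag the container that actually runs depends on when it was last pulled; pin a version tag or digest so the proxy published on ports 80 and 443 is reproducible. Also, the two new volume lines are mounted :ro while the existing haproxy.pem mount just above them is not; adding :ro there would make the three mounts consistent.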
6 changes: 4 additions & 2 deletions stepup/haproxy/Readme.txt
@@ -1,2 +1,4 @@
The haproxy,.crt file here is a copy of the ../../core/haproxy/haproxy.crt. It is mounted in the containers to be added
to the CA trust store. It cannot be a symlink, because that would break the file in the container.
The haproxy.crt file here is a copy of the ../../core/haproxy/haproxy.crt. It is mounted in the containers to be added
to the CA trust store. It cannot be a symlink, because that would break the file in the container.

The HAProxy configuration (haproxy.cfg) is shared with core and mounted from ../../core/haproxy/haproxy.cfg.
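Review bot: the added Readme sentence documents only haproxy.cfg as shared with core, but the docker-compose.yml change in this same PR also mounts backends.map from ../core/haproxy, and that file is not mentioned. Extend the sentence, for example "The HAProxy configuration (haproxy.cfg and backends.map) is shared with core", so the Readme matches what is actually mounted.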