http to https redirect on site

I'm using spring boot and haproxy.

My spring boot configuration takes care of ssl termination. When users hit my fqdn www.thebestsiteever.com, users get can't find the site error. But if they put https://www.thebestsiteever.com it works just fine. Note that my spring boot app handles ssl and redirects requests from http to https so haproxy was supposed to be a passthrough only for ssl and round robin load balancer.

I've researched many options about redirects but still, the problem persists. Once a user connects with https (1 time), all subsequent requests work as expected meaning www.thebestsiteever.com works even when https is not prefixed, so somehow the https initial data is cached on the client browser. I need users to have access to my site the first time with just www.thebestsiteever.com without adding https to the fqdn. This behavior is evident on all browsers and mobile devices, please see configs below and provide some options for me to fix. I read most of the documentation and there is a bug with spring boot and haproxy regarding this setup but this is what we have at the moment and we would like to make it work.

# haproxy version = 1.6.3

global
  stats socket /var/run/haproxy.sock mode 600 level admin
  stats timeout 2m

  log 127.0.0.1 local0
  log 127.0.0.1 local1 notice
  chroot /var/lib/haproxy
  user haproxy
  group haproxy

defaults
  log global
  mode tcp
  option tcplog
  option dontlognull
  timeout connect 5000ms
  timeout client 50000ms
  timeout server 50000ms

  frontend http-in
    bind *:80
    bind *:443
    mode tcp
    default_backend nodes

    backend nodes
       mode tcp
       balance roundrobin

       server web4 XX.XX.XX.168:9443 check
       server web5 XX.XX.XX.168:9444 check
       server web6 XX.XX.XX.168:9445 check
       server web7 XX.XX.XX.168:9446 check

       # spring boot startup setup
       @Bean
            public EmbeddedServletContainerFactory servletContainer() {
             TomcatEmbeddedServletContainerFactory tomcat =
                    new TomcatEmbeddedServletContainerFactory() {

                @Override
                protected void postProcessContext(Context context) {
                    SecurityConstraint securityConstraint = new 
                     SecurityConstraint();
                    securityConstraint.setUserConstraint("CONFIDENTIAL");
                    SecurityCollection collection = new SecurityCollection();
                    collection.addPattern("/*");
                    securityConstraint.addCollection(collection);
                    context.addConstraint(securityConstraint);
                }
            };
         tomcat.addAdditionalTomcatConnectors(createHttpConnector());
          return tomcat;
      }

      @Value("${server.default.port}")
      private int serverPortHttp;

      @Value("${server.port}")
      private int serverPortHttps;

      private Connector createHttpConnector() {
          Connector connector =
            new Connector("org.apache.coyote.http11.Http11NioProtocol");
           connector.setScheme("https");
         connector.setSecure(false);
         connector.setPort(serverPortHttp);
         connector.setRedirectPort(serverPortHttps);
         return connector;
        }


      #application-stage.yml
       server:
         port: 9443
           ssl:
            key-alias: tomcat
            key-store: classpath:config/keystore.p12
            key-store-password: xxxxxxx
链接地址: http://www.djcxy.com/p/62740.html

上一篇: Haproxy健康检查监视器

下一篇: http到https网站上的重定向