http to https redirect on site
I'm using spring boot and haproxy.
My spring boot configuration takes care of ssl termination. When users hit my fqdn www.thebestsiteever.com, users get can't find the site error. But if they put https://www.thebestsiteever.com it works just fine. Note that my spring boot app handles ssl and redirects requests from http to https so haproxy was supposed to be a passthrough only for ssl and round robin load balancer.
I've researched many options about redirects but still, the problem persists. Once a user connects with https (1 time), all subsequent requests work as expected meaning www.thebestsiteever.com works even when https is not prefixed, so somehow the https initial data is cached on the client browser. I need users to have access to my site the first time with just www.thebestsiteever.com without adding https to the fqdn. This behavior is evident on all browsers and mobile devices, please see configs below and provide some options for me to fix. I read most of the documentation and there is a bug with spring boot and haproxy regarding this setup but this is what we have at the moment and we would like to make it work.
# haproxy version = 1.6.3
global
stats socket /var/run/haproxy.sock mode 600 level admin
stats timeout 2m
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
defaults
log global
mode tcp
option tcplog
option dontlognull
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http-in
bind *:80
bind *:443
mode tcp
default_backend nodes
backend nodes
mode tcp
balance roundrobin
server web4 XX.XX.XX.168:9443 check
server web5 XX.XX.XX.168:9444 check
server web6 XX.XX.XX.168:9445 check
server web7 XX.XX.XX.168:9446 check
# spring boot startup setup
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcat =
new TomcatEmbeddedServletContainerFactory() {
@Override
protected void postProcessContext(Context context) {
SecurityConstraint securityConstraint = new
SecurityConstraint();
securityConstraint.setUserConstraint("CONFIDENTIAL");
SecurityCollection collection = new SecurityCollection();
collection.addPattern("/*");
securityConstraint.addCollection(collection);
context.addConstraint(securityConstraint);
}
};
tomcat.addAdditionalTomcatConnectors(createHttpConnector());
return tomcat;
}
@Value("${server.default.port}")
private int serverPortHttp;
@Value("${server.port}")
private int serverPortHttps;
private Connector createHttpConnector() {
Connector connector =
new Connector("org.apache.coyote.http11.Http11NioProtocol");
connector.setScheme("https");
connector.setSecure(false);
connector.setPort(serverPortHttp);
connector.setRedirectPort(serverPortHttps);
return connector;
}
#application-stage.yml
server:
port: 9443
ssl:
key-alias: tomcat
key-store: classpath:config/keystore.p12
key-store-password: xxxxxxx
链接地址: http://www.djcxy.com/p/62740.html
上一篇: Haproxy健康检查监视器
下一篇: http到https网站上的重定向