Skip to content

Redirect http > https #71

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
johanib merged 1 commit into from
Jan 19, 2026
Merged

Redirect http > https #71

johanib merged 1 commit into from
Jan 19, 2026

Conversation

@johanib
Copy link
Contributor

@johanib johanib commented Jan 15, 2026
edited
Loading

I lost much time tracing error messages before discovering the login flow started on http instead of https.
In order to prevent these issues in the future, ensure all requests use https. (except for the mailcatcher, which is not routed through haproxy).

In order to prevent duplicate configurations, the haproxy config from core is linked into stepup, as that specific config also has all stepup projects mapped.

@MKodde
Copy link
Member

MKodde commented Jan 15, 2026

I ran a couple of test scenarios in core and all seemed to work as intended. Even mailcatcher (which explicitly runs on port 80) was available. And was not promoted to use SSL. Why that works remains a mystery to me.

Now that I'm thinking about it a bit more, that is probably because mailcatcher is not part of the HaProxy load balancing act.

MKodde
MKodde reviewed Jan 15, 2026
View reviewed changes
Copy link
Member

@MKodde MKodde left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not feel like the most apparent reviewer, but I did test the core and stepup environments with your new addition to the HaProxy config. And that worked really well!

See some questions/remarks below.

@johanib
Redirect http > https
b957d55 
In order to prevent duplicate configurations, refer to the core config in stepup.

`option forwarded` produced an error (haproxy would not start), so changed to `forwardfor`
@johanib johanib force-pushed the feature/stepup-https-only branch from 41619c7 to b957d55 Compare January 15, 2026 14:15
@johanib johanib marked this pull request as ready for review January 15, 2026 14:51
@johanib
Copy link
Contributor Author

johanib commented Jan 19, 2026

Discussed with Pieter. Good enough to try!

@johanib johanib merged commit c8d6a1e into main Jan 19, 2026
2 checks passed
@johanib johanib deleted the feature/stepup-https-only branch January 19, 2026 10:16
@pmeulen
Copy link
Member

pmeulen commented Jan 20, 2026

Yes, nice fix!

Here, when it seem to work, it probably does ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MKodde MKodde MKodde left review comments

@baszoetekouw baszoetekouw Awaiting requested review from baszoetekouw

@pmeulen pmeulen Awaiting requested review from pmeulen

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@johanib @MKodde @pmeulen