Merged
11 changes: 7 additions & 4 deletions core/haproxy/haproxy.cfg
Expand Up @@ -8,9 +8,9 @@ global
group haproxy
ulimit-n 9000
ssl-default-bind-options no-sslv3 no-tls-tickets
ssl-default-bind-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-options no-sslv3 no-tls-tickets
ssl-default-server-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-server-ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+AESGCM:DH+AES256:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
stats socket 127.0.0.1:14567
stats socket /var/lib/haproxy/haproxy.stats mode 660 level admin user haproxy group haproxy expose-fd listeners
server-state-file /var/lib/haproxy/state
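Review bot: in the global section, the ssl-default-bind-ciphers and ssl-default-server-ciphers lines touched here still end with RSA+AESGCM:RSA+AES, which permits RSA key exchange without forward secrecy; since these lines are being changed anyway, consider dropping those two entries. Separately, ssl-default-bind-options carries only no-sslv3 no-tls-tickets, so the TLS 1.0/1.1 restriction depends on every bind line repeating no-tlsv10 no-tlsv11; adding ssl-min-ver TLSv1.2 to the defaults would cover any bind added later. These cipher directives govern TLS 1.2 and below only; TLS 1.3 suites are set with ssl-default-bind-ciphersuites.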
Expand Down Expand Up @@ -46,9 +46,12 @@ resolvers docker
hold obsolete 10s

frontend fe_web
bind *:443 ssl crt /usr/local/etc/haproxy/haproxy.pem no-sslv3 no-tlsv10 no-tlsv11 alpn h2,http/1.1 transparent
bind *:443 ssl crt /usr/local/etc/haproxy/haproxy.pem no-sslv3 no-tlsv10 no-tlsv11 alpn h2,http/1.1 transparent
bind *:80
http-request set-header X-Forwarded-Proto https

http-request redirect scheme https code 301 if !{ ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc }

use_backend stat if { path -i /haproxy }
use_backend %[req.hdr(host),lower,map(/usr/local/etc/haproxy/backends.map)]
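Review bot: in frontend fe_web, the new redirect uses code 301, which clients cache and which most clients follow by turning a POST into a GET, so a form POST that arrives on port 80 loses its body after the redirect; code 308 keeps the method and body, e.g. `http-request redirect scheme https code 308 if !{ ssl_fc }`. The redirect also protects only requests that already reached port 80 in clear text: no Strict-Transport-Security response header is set for the TLS side, so consider adding one with http-response set-header if the certificate in use allows it. The `if { ssl_fc }` guard on X-Forwarded-Proto is fine, but a short comment that plain-HTTP requests never get past the redirect would make the ordering dependency explicit.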

4 changes: 3 additions & 1 deletion stepup/docker-compose.yml
Expand Up @@ -2,12 +2,14 @@
services:

haproxy:
image: ghcr.io/openconext/openconext-basecontainers/haproxy26:latest
image: ghcr.io/openconext/openconext-basecontainers/haproxy28:latest
ports:
- 80:80
- 443:443
volumes:
- ../core/haproxy/haproxy.pem:/usr/local/etc/haproxy/haproxy.pem
- ../core/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro
- ../core/haproxy/backends.map:/usr/local/etc/haproxy/backends.map:ro
networks:
openconextdev:
aliases:
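Review bot: the image line moves from haproxy26 to haproxy28 but keeps the mutable :latest tag, so the HAProxy build that actually runs can change between pulls without any change in this file; pin a version tag or an image digest so the upgrade is reproducible and reviewable. In the volumes list, haproxy.cfg and backends.map are mounted :ro but haproxy.pem, which holds the certificate and key used by the `bind *:443 ssl crt` line, is not; add :ro there as well.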
6 changes: 4 additions & 2 deletions stepup/haproxy/Readme.txt
@@ -1,2 +1,4 @@
The haproxy,.crt file here is a copy of the ../../core/haproxy/haproxy.crt. It is mounted in the containers to be added
to the CA trust store. It cannot be a symlink, because that would break the file in the container.
The haproxy.crt file here is a copy of the ../../core/haproxy/haproxy.crt. It is mounted in the containers to be added
to the CA trust store. It cannot be a symlink, because that would break the file in the container.

The HAProxy configuration (haproxy.cfg) is shared with core and mounted from ../../core/haproxy/haproxy.cfg.
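Review bot: the added last line documents only haproxy.cfg as shared with core, while stepup/docker-compose.yml also mounts haproxy.pem and backends.map from ../core/haproxy; list all three so the Readme matches the compose file. The first paragraph still describes haproxy.crt as a manual copy of the core file with no note on how it is kept in sync; a one-line instruction to re-copy it whenever core/haproxy/haproxy.crt changes would avoid containers trusting a stale certificate.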