Re: haproxy with https webmail not working

From: James Bardin <jbardin#bu.edu>
Date: Fri, 19 Aug 2011 09:28:19 -0400


On Thu, Aug 18, 2011 at 6:37 AM, jayesh.shinde <jayesh.shinde#netcore.co.in> wrote:

> Error Popup :--
> ============
>
> "do you want to view only the webpage content that was deliver securely.
> This webpage contain the content that will not be delivered using the secure
> HTTPS connection, which could compromise the security of entire webpage."
>

This is a separate issue, and is either an apache mis-configuration, or a problem with the webmail software you are using. The server is returning absolute URIs with http:// instead of https://.

> Where as if I check with http://webmail.domain.com , then the mail compose
> and send work properly.

You don't have port 80 bound in your haproxy config. Does http work through haproxy?

> listen  http_proxy  192.168.30.200:81
>         balance     roundrobin
>         option      httpchk
>         option     forwardfor except 192.168.30.200/32

This doesn't do anything, since all the traffic is coming from 192.168.30.200. Also, you can't add X-Forwarded-For headers when you are connected to a standard stunnel, since you don't know the real remote address. You should probably proxy over the loopback interface as well.

>         reqadd      X-Forwarded-Proto:\ https

Note that this only does something if you've configured apache or your software to acknowledge it.

>         option      forwardfor

This canceled out your previous forwardfor line, and adds "X-Forwarded-For: 192.168.30.200".

-jim Received on 2011/08/19 15:28

This archive was generated by hypermail 2.2.0 : 2011/08/19 15:30 CEST