Mascote

notes to self.

HTTP and HTTPS Scheme Redirect With HAProxy.

If you are deploying HAProxy in front of some other web server like Varnish or Nginx and need to ensure certain URI will be accessed only over a secure connection can easily done with HAProxy.

Create a file with the URIs who need to be secured, one per line:

1
2
3
4
5
vim /etc/haproxy/secure-locations.map

/admin
/secure-area
/foo

and put on your frontend definition on haproxy.cfg:

1
2
3
frontend www-http
  ...
  redirect scheme https if { capture.req.uri,map_beg(/etc/haproxy/secure-locations.map) -m found }

and this into your secure frontend definition if you don't want another places to follow the current (https) scheme:

1
2
3
frontend www-https 
  ...
  redirect scheme http if !{ capture.req.uri,map_beg(/etc/haproxy/secure-locations.map) -m found }

Cheers!