Redirect http > https #71
Conversation
|
I ran a couple of test scenarios in Now that I'm thinking about it a bit more, that is probably because mailcatcher is not part of the HaProxy load balancing act. |
MKodde
left a comment
MKodde
left a comment
There was a problem hiding this comment.
I do not feel like the most apparent reviewer, but I did test the core and stepup environments with your new addition to the HaProxy config. And that worked really well!
See some questions/remarks below.
| - ../core/haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg:ro | ||
| - ../core/haproxy/backends.map:/usr/local/etc/haproxy/backends.map:ro |
There was a problem hiding this comment.
I do not understand why these new volumes are required, dev leftover?
There was a problem hiding this comment.
This is the haproxy service that is the actual haproxy in stepup. So without this, it will not use the config files.
| http-request set-header X-Forwarded-Proto https | ||
|
|
||
| http-request redirect scheme https code 301 if !{ ssl_fc } | ||
| http-request set-header X-Forwarded-Proto https if { ssl_fc } |
In order to prevent duplicate configurations, refer to the core config in stepup. `option forwarded` produced an error (haproxy would not start), so changed to `forwardfor`
johanib
force-pushed
the
feature/stepup-https-only
branch
from
41619c7 to
b957d55
Compare
I lost much time tracing error messages before discovering the login flow started on http instead of https.
In order to prevent these issues in the future, ensure all requests use https. (except for the mailcatcher, which is not routed through haproxy).
In order to prevent duplicate configurations, the haproxy config from core is linked into stepup, as that specific config also has all stepup projects mapped.