Forum

X-Forwarded-Proto HTTPS trampoline.

Jayess
15 June 2015, 11:53
Greetings.

I have an LB that offloads SSL and forwards to Hiawatha using HTTP... I'd like to force the use of HTTPS, and I can't do that on the LB- I can accomplish it with Hiawatha using the X-Forwarded-Proto in a UrlToolkit; like this:

VirtualHost {
Hostname = www.website.net, *.website.net
...
UseToolKit = https_trampoline
}

UrlToolKit {
ToolkitID = https_trampoline
Header X-Forwarded-Proto https Return
Match ^/(.*) Redirect https://www.website.net/$1
}


Question is- Is there a better, more generic way to do this? Ideally, I'd like toolkit to make it so requests to http://*.website.net/ redirect to https://*.website.net/ (as opposed to always going to https://www.website.net/ ...that would also mean I could use the same trampoline for other virtual hosts).

I've had a look around to not avail... And I can't seem to figure it out. Any advice would be appreciated.

Thanks!
Hugo Leisink
15 June 2015, 11:56
Have you tried the following?
VirtualHost {
...
RequireTLS = yes
}
Jayess
15 June 2015, 22:45

Yep- I get an infinite redirect (ERR_TOO_MANY_REDIRECTS in chrome).

I presume RequireTLS works where Hiawatha hosts SSL/TLS... Since it's offloaded to the LB in this case, the request always appears as HTTP to Hiawatha (hence the X-Forwarded-Proto check).

Hugo Leisink
17 June 2015, 15:53
In that case, the solution you showed in the first post is a good way to do this.
This topic has been closed.