1

I have a problem with haproxy and mixed content. When I try to connect through haproxy ssl, the browser (in this case either Firefox or Chrome), in default configuration, blocks the mixed content - in this case the http connections. This does not happen when I try to connect without the haproxy.

What could cause this?

For reference:

I have installed haproxy version 1.5.11

haproxy -v HA-Proxy version 1.5.11 2015/01/31 Copyright 2000-2015 Willy Tarreau

with this configuration:

global log 127.0.0.1 local2 chroot /var/lib/haproxy pidfile /var/run/haproxy.pid maxconn 4000 user haproxy group haproxy stats timeout 30s debug daemon # turn on stats unix socket stats socket /var/lib/haproxy/admin.sock mode 660 level admin # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4 SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL defaults log global mode http option httplog option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 frontend webphp53_http bind *:80 bind *:443 ssl crt /etc/ssl/private/cert.pem mode http default_backend webphp53_servers backend webphp53_servers mode http balance roundrobin option forwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } option httpchk HEAD / HTTP/1.1\r\nHost:localhost server php53_node1 192.168.127.67:80 check server php53_node2 192.168.127.68:80 check
Improve this question
2
  • possible duplicate of How to solve nginx reverse proxy mixed content(http, https) (the backend setup is not relevant to the question). Commented Feb 12, 2015 at 16:12
  • 1
    This has (almost) nothing to do with your backend setup. The problem is you are loading a html page over https which references resources with http i.e. <script src="http://whatever...">. Commented Feb 12, 2015 at 16:13

2 Answers 2

Reset to default
0

Mixed content is blocked outright if the domains are different. Make sure that when you switch to using the load balancer, the mixed content in the page is using the same server name.

Improve this answer
4
  • Yes, the mixed content is in the same server. When I try to connect without the haproxy the browser alert of the mixed content but no block the content. Commented Feb 12, 2015 at 15:28
  • I have observed that only blocks javascript and css content. Commented Feb 12, 2015 at 15:42
  • 1
    It's not if the domains are different - it's if the protocol is not https for a https main-request. Commented Feb 12, 2015 at 16:14
  • This is because of the CORS specification - it is a separate issue from mixed content. Commented Sep 23, 2017 at 4:44
0

I have found that the problem only occurs when you use a CMS like Drupal and Wordpress, I found the solution force both to use https, in the case of Drupal editing sites/default/settings.php uncomment the line:

$base_url = 'https://domain_name_blablabla';

In the case of Wordpress it's necessary to install Wordpress HTTPS (SSL) plugin https://wordpress.org/plugins/wordpress-https/

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.