Infinite loop when using haproxy

Developer help
1

Hi there,

We are running ghost behind haproxy. Haproxy is used for terminating ssl and we are forwarding the request to ghost. The following is our haproxy config.

global
  log 127.0.0.1 local0 notice
  maxconn 2048
  user haproxy
  group haproxy
defaults
  log     global
  mode    http
  option  httplog
  option  dontlognull
  retries 3
  option redispatch
  option forwardfor
  option http-server-close
  timeout connect  5000
  timeout client  10000
  timeout server  10000
backend ghost
  balance roundrobin
  option forwardfor
  http-request set-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto https
  server ghost <ghost-ip>
frontend http-in
  bind :80
  bind :443 ssl crt <crt>
  use_backend ghost if { path_beg /blog }
  default_backend api

Our setup:

  • Ghost-CLI version: 1.11.0
  • Ghost version: 2.31.0

In ghost, our config url is https://<our-site>/blog.

This setup results in an infinite redirect to https://<our-site>/blog.

But it works when our config url is http://<our-site>/blog.

What is that we are missing out in haproxy config or is there something else that we are missing?

2

I’m also having this exactly same issue.

3

I was able to fix this by setting the following in my haproxy’s frontend:

    http-request redirect scheme https unless { ssl_fc }
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }

I also had to set this on nginx:

server {
    listen 8080;
    listen [::]:8080;

    server_name myalwesomesite.com;
    root /home/myalwesomesite/ghost_site/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; 
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;
        
    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

Ref.: Mapping Headers in Nginx | Servers for Hackers