The load balancer is just HAProxy on a Linux box (Ubuntu, but totally irrelevant, I think).  While I can do SSL passthrough, I'm still stumped as to why this is a problem.  The media listed does have 'http://' items listed, but what doesn't make sense is that the server I'm pulling from doesn't have that problem when it's pure HTTPS.  I would think absolute URLs on the web server would have shown up while it has SSL on the server itself.  That's what makes no sense to me.

However, I do appreciate the headsup for SSLdump.  I'd forgotten that tool existed, which makes it a bit easier to move back to SSL Passthrough. However, the OCD in me just can't let this lie without an answer.  Based on what I understand of the SSL termination config, haproxy is supposed to encrypt everything it gets from the HTTP web server so that the client sees nothing but HTTPS packets.  For some reason, it's not doing that and that bugs me.  


On Fri, Feb 12, 2016 at 10:18 AM, Gordon Messmer <gordon.messmer@gmail.com> wrote:
On 02/12/2016 05:53 AM, Mark Haney wrote:
When I pull it through the load balancer (HTTPS) it doesn't with an error about mixed content.
 ...
Or can someone begin to tell me where to start debugging.

 View the source of the page in FF, and look for the string "http://"

Something in the site is generating absolute URLs; you want it to generate relative URLs.  Or, if that's not possible, you want it to generate absolute URLs with https://.

If your proxy doesn't have hardware SSL acceleration, you also might find that the system will scale better when passing SSL straight through to the web servers.  If you want to observe encrypted traffic for debugging, use ssldump.  Wireshark may also be able to analyze encrypted traffic, but I haven't used it before.

http://ssldump.sourceforge.net/
https://wiki.wireshark.org/SSL
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



--

Mark Haney ::: Senior Systems Engineer

VIF International Education
P.O. Box 3566 ::: Chapel Hill, N.C. 27515 ::: USA
919-265-5006 office

Global learning for all.
www.vifprogram.com
Find VIF on Facebook | Twitter | LinkedIn

Recognized as a ‘Best for the World’ B Corp!