Is it possible to redirect an https connection before SSL is checked using haproxy?

ssl haproxy

I have two domains, myexample.com and my-example.com. I want all traffic for either domain to go to https://www.my-example.com, for which I have an SSL certificate. I do not have an SSL certificate for the domain myexample.com.

I have http://myexample.com, http://www.myexample.com, http://my-example.com and http://www.my-example.com all redirecting to https://www.my-example.com with no problem, however when I set up a redirect for https://myexample.com or https://www.myexample.com, it checks for their SSL certificate before redirecting and so I always get a certificate error.

Is there a way to do the redirect without the SSL checking for the non-SSL domain that I am redirecting away from?

The relevant part of my config file:

frontend www-https
   bind xxx.xxx.xxx.xxx:443 ssl crt /etc/ssl/private/www.my-example.com.pem
   reqadd X-Forwarded-Proto:\ https
   redirect prefix https://www.my-example.com code 301 if { hdr(host) -i myexample.com }
   redirect prefix https://www.my-example.com code 301 if { hdr(host) -i www.myexample.com }
   default_backend www-backend

Solution 1:

Redirection is done at the HTTP level, i.e. after the SSL connection was established. Since establishing the SSL connection includes validating the certificate it is not possible to bypass the certificate check for redirects.

Related

Best way to change site IP address - from the end user perspective?
ZSH not sourcing zprofile
sar: enable data collecting
Why send authoritative nameserver in DNS?
How to max out performance EC2 instance
mariadb.service start stuck at activating
Connecting with Samba to a Windows Share returns "NT_STATUS_DUPLICATE_NAME"
Cronolog vs logrotate
Google Chrome Enterprise - Any Gotchas?
Is there a way to run chmod on Windows
Moving from Exchange 2003 to Exchange 2010
How can I figure out which keychain entries a process wants access to