When SSL is enabled users are redirected from the HTTP URLs to the HTTPS ones.
* If a user tries to connect to the HTTP URL and tries to get "/" the HAProxy backend will send a redirect to to the port 443 and "/" too.
* This connection is able to bypass the first redirection and makes its way through the HAProxt SSL termination to the Apache backend without SSL.
* The request is redirected again by the rule: "RedirectMatch permanent ^/$ /horizon" but is sent
to the URL http://${host}/horizon (without ssl again) because the backend is not SSL enabled and redirect keeps the protocol of the request.
* Then, this request again is bounced by the HAProxy backend to https://${host}/horizon
* Finally, this request is able to reach Horizon and is redirected to the login page.
* http://10.20.1.2
* https://10.20.1.2
* http://10.20.1.2/horizon <- http again
* https://10.20.1.2/horizon
* https://10.109.1.2/horizon/auth/login/?next=/ <- login page
This chain of redirects will break if only the port 443 is opened or forwarded and the client is not able to connect when he is asked to go to http again, provided the first request was to the https://10.20.1.2. The browser will show Connection Reset error and Horizon will not be available.
(This check performed automatically)
Please, make sure that bug description contains the following sections filled in with the appropriate data related to the bug you are describing:
actual result
version
expected result
steps to reproduce
For more detailed information on the contents of each of the listed sections see https:/