I have a configuration problem related to https and Octopus Deploy Server.
My client has a load balancer in front of all web applications and the load balancer is doing SSL Offloading.
When I type in http://octopus.example.com the load balancer works as a reverse proxy and just forwards it to http://octopusserver:80.
When I type in https://octopus.example.com the load balancer decrypts the request, adds the HTTP header “X-Forwarded-Proto: https” and then forwards to the same endpoint unencrypted on port 80.
Is there some way to get Octopus Deploy Server to understand X-Forwarded-Proto and redirect unsecure requests to https?
Thanks for getting in touch. Just to make sure I’m not misunderstanding, your objective is to ensure that all traffic from the browser is HTTPS?
If that is the case, Octopus Deploy does have a Force SSL option but that won’t work for the scenario where you are behind a reverse proxy, because it cannot see the original request’s domain. We did look at adding X-Forwarded-* handling recently, but found that supporting all of the possibilities across all of the different reverse proxies and load balancers was impractical. Please note that if you’re on a version > 3.5.1, we had some issues when running behind a reverse proxy that were fixed in 3.7.3, so please ensure you’re running at least that version or greater.
A common configuration for this scenario is to have Octopus Deploy configured as you already do, and then have the reverse proxy detect the HTTP requests and have it return a 301 to redirect the user to HTTPS.
Hope this helps and if I can assist further just let me know.
Yes, I’m trying to ensure all traffic goes over https.
If you currently do not support redirection to https using X-Forwarded-Proto, I’ll go for adding the redirect in the load balancer config instead.
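
The redirect-at-the-proxy setup suggested in the reply above, written out as an added example that is not part of the original thread or Octopus Deploy's documentation. It assumes nginx stands in for the load balancer, which the thread does not name, and the certificate paths are placeholders.

```nginx
# Assumption: nginx plays the role of the unnamed load balancer.

# Plain-HTTP listener: never forwards to Octopus, only redirects.
server {
    listen 80;
    server_name octopus.example.com;

    # Fixed host name instead of $host, so a forged Host header
    # cannot steer the redirect to another domain.
    return 301 https://octopus.example.com$request_uri;
}

# HTTPS listener: terminates TLS, then forwards unencrypted to Octopus.
server {
    listen 443 ssl;
    server_name octopus.example.com;

    # Placeholder paths, not taken from the thread.
    ssl_certificate     /etc/nginx/tls/octopus.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/octopus.example.com.key;

    location / {
        proxy_pass http://octopusserver:80;
        proxy_set_header Host $host;
        # Set by the proxy itself, overwriting any value the client sent.
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

With this layout port 80 traffic never reaches the Octopus server, so the redirect does not depend on Octopus interpreting X-Forwarded-Proto.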