Enforcing SSL for only Oempro domain, and serving tracking domains without SSL

From time to time, you may need to serve your open and link tracking domains without SSL.

To make this feature activated, simply edit Oempro’s HAProxy configuration file and follow these steps:

  1. Edit HAProxy configuration file: vi /opt/oempro/_dockerfiles/haproxy.cfg
  2. Under frontend frontend_app directive, below the line that starts with bind *:443..., add these:
acl https_domain hdr(host) -i your_oempro_domain.com
redirect scheme https if !{ ssl_fc } https_domain

The your_oempro_domain.com must be the domain that you have installed Oempro.

  1. Re-build the HAProxy container: docker-compose build haproxy
  2. Start the HAProxy: docker-compose kill haproxy && docker-compose up -d haproxy

Here’s an example:

If your Oempro is running on console.abc.com, the frontend frontend_app directive will look like this:

frontend frontend_app
    bind *:80

    # Enable these two lines if you have activated LetsEncrypt SSL
    bind *:443 ssl crt /etc/letsencrypt/live/console.abc.com/console.abc.com.pem
    acl https_domain hdr(host) -i console.abc.com
    redirect scheme https if !{ ssl_fc } https_domain
    #redirect scheme https if !{ ssl_fc }

    mode http

    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl

    acl is-system path_beg /system/
    use_backend backend_oempro_system if is-system

    default_backend backend_oempro_app