Problem with NextCloud and Haproxy

Hello,

I want to deploy Nextcloud in my personal infrastructure.

I have a platform running VMware ESXi. I’m a VMware teacher; I prefer to explain why I have a VMware vSphere platform at home :slight_smile:.

I chose to deploy the official Nextcloud appliance, because I don’t have time to perform the full installation of this service.

My platform is composed of:

  • 2 HAProxy servers in front-end configuration with Keepalived (Red Hat 8.5)
  • 2 web servers
  • 1 Nextcloud server

It works fine, but when I activated SSL (Let’s Encrypt certificate), it stopped working with the following error:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

For my classic website I don’t have a problem; it works fine…

My HAProxy configuration:

global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon
    stats socket /var/lib/haproxy/stats
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
    ssl-default-bind-options no-sslv3
    tune.ssl.default-dh-param 2048
defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend http-in
        bind *:80
        acl http ssl_fc,not
        http-request redirect scheme https if http

frontend https-in
        bind *:443 ssl crt-list /etc/haproxy/certs/domains_list.txt
        option forwardfor
        option forwardfor header X-Real-IP
        http-request add-header X-Real-IP %[src]
        reqadd X-Forwarded-Proto:\ https
        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-back if letsencrypt-acl
        acl nextcloud hdr_end(host) -i nextcloud.lesdupre.fr
        acl www hdr_end(host) -i www.lesdupre.fr
        use_backend nextcloud-back if nextcloud
        use_backend rhel-web-back if www

        default_backend rhel-web-back

backend nextcloud-back
        server ubu-nextcloud nextcloud.home.local:443

backend rhel-web-back
        redirect scheme https if ! { ssl_fc }
        balance     roundrobin
        server  rhel-web01 192.168.1.81:80 check
        server  rhel-web02 192.168.1.82:80 check

Do you have any ideas to help me?

Thanks a lot for any assistance.

Regards,
MrXanderX
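
The error quoted above is what Apache returns when it receives cleartext HTTP on its TLS port, and the `nextcloud-back` server line targets port 443 without the `ssl` keyword, so HAProxy sends exactly that. The check below is an added example, not part of the original post: it scans a HAProxy configuration for that pattern. The sample is constructed from the post; the `fixed-back` backend, its `ca-file` path and the port heuristic are assumptions.

```python
import re

# Constructed sample: the two backends from the post, plus a hypothetical
# corrected backend (fixed-back and its ca-file path are assumptions).
SAMPLE = """\
backend nextcloud-back
        server ubu-nextcloud nextcloud.home.local:443

backend rhel-web-back
        balance     roundrobin
        server  rhel-web01 192.168.1.81:80 check
        server  rhel-web02 192.168.1.82:80 check

backend fixed-back
        server ubu-nextcloud nextcloud.home.local:443 ssl verify required ca-file /etc/haproxy/ca.pem
"""

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")
TLS_PORTS = {"443", "8443"}  # heuristic (assumption): ports that normally speak TLS

def lint_backends(cfg):
    """Return (section, server, problem) for server lines with suspect TLS settings."""
    findings, section = [], None
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()  # naive comment stripping
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            # Only backend and listen sections carry server lines.
            section = m.group(2) if m.group(1) in ("backend", "listen") else None
            continue
        words = line.split()
        if section is None or words[0] != "server" or len(words) < 3:
            continue
        name, addr, opts = words[1], words[2], words[3:]
        port = addr.rsplit(":", 1)[1] if ":" in addr else ""
        if "ssl" not in opts:
            # Without "ssl", HAProxy sends cleartext HTTP to the server.
            if port in TLS_PORTS:
                findings.append((section, name, "cleartext HTTP sent to a TLS port"))
        elif any(a == "verify" and b == "none" for a, b in zip(opts, opts[1:])):
            findings.append((section, name, "TLS without certificate verification"))
    return findings

if __name__ == "__main__":
    for section, name, problem in lint_backends(SAMPLE):
        print(f"{section}/{name}: {problem}")
```

The second finding type covers the common shortcut of adding `ssl verify none`, which removes the error but leaves the hop to the backend open to interception.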