HAProxy can enforce HTTPS by redirecting all HTTP traffic to HTTPS, and it can also handle specific URL rewrites and redirects.
Here’s how you can set up HAProxy to redirect HTTP to HTTPS and manage URL redirects:
Redirecting HTTP to HTTPS
This is a common security practice to ensure all traffic is encrypted.
HAProxy Configuration:
frontend http_in
    bind *:80
    redirect scheme https code 301

frontend https_in
    bind *:443 ssl crt /etc/haproxy/certs/your_domain.pem
    # ... your backend server configurations ...
Explanation:
- frontend http_in: This defines a frontend that listens on port 80 for incoming HTTP traffic.
- bind *:80: HAProxy binds to all IP addresses on port 80.
- redirect scheme https code 301: This is the core of the redirect.
  - redirect scheme https: Tells HAProxy to change the incoming request’s scheme from http to https.
  - code 301: Specifies the HTTP status code for the redirect. 301 means "Moved Permanently," which is SEO-friendly as it tells search engines that the resource has permanently moved to the HTTPS version.
When a client requests http://your_domain.com, HAProxy will intercept it and send back a 301 Moved Permanently response with the Location header set to https://your_domain.com. The client’s browser will then automatically make a new request to https://your_domain.com.
Redirecting Specific URLs
You can also use HAProxy to redirect specific URLs or patterns to different locations. This is useful for changing URL structures, redirecting old pages to new ones, or sending users to a specific landing page.
HAProxy Configuration:
frontend http_in
    bind *:80
    redirect scheme https code 301

frontend https_in
    bind *:443 ssl crt /etc/haproxy/certs/your_domain.pem
    # Redirect a specific old URL to a new URL
    http-request redirect location /new-page.html code 301 if { path /old-page.html }
    # Redirect all URLs under an old directory to a new directory, keeping the rest of the path
    # (a fixed "location /new-directory/" would send every match to that one URL)
    http-request redirect location %[path,regsub(^/old-directory/,/new-directory/)] code 301 if { path_beg /old-directory/ }
    # Redirect a specific URL to an external site
    http-request redirect location https://external.example.com/landing code 302 if { path /old-external-link }
    # ... your backend server configurations ...
Explanation of URL Redirects:
- http-request redirect location <new_url> code <http_code> if <condition>: This is the general syntax for performing HTTP request redirects.
  - location <new_url>: Specifies the target URL for the redirect.
  - code <http_code>: The HTTP status code for the redirect.
    - 301 (Moved Permanently): For permanent changes.
    - 302 (Found / Moved Temporarily): For temporary changes.
  - if <condition>: A condition that must be met for the redirect to occur.
- { path /old-page.html }: This condition checks if the requested URL path exactly matches /old-page.html.
- { path_beg /old-directory/ }: This condition checks if the requested URL path begins with /old-directory/. The part of the path after /old-directory/ is carried over to the new location. For example, a request to /old-directory/some-item would be redirected to /new-directory/some-item.
- { path /old-external-link }: Redirects a specific path to an external domain. Note that when redirecting to an external URL, it’s often good practice to use 302 unless you are absolutely certain it’s a permanent move.
Combining HTTP to HTTPS and URL Redirects
You can combine these rules in the same configuration. HAProxy processes rules in the order they appear.
frontend http_in
    bind *:80
    # First, redirect all HTTP traffic to HTTPS
    redirect scheme https code 301

frontend https_in
    bind *:443 ssl crt /etc/haproxy/certs/your_domain.pem
    # Then, handle specific URL redirects for HTTPS traffic
    http-request redirect location /new-page.html code 301 if { path /old-page.html }
    # Rewrite only the directory prefix so the rest of the path is kept
    http-request redirect location %[path,regsub(^/old-directory/,/new-directory/)] code 301 if { path_beg /old-directory/ }
    # ... your backend server configurations ...
In this setup, if a request comes in on port 80, it’s immediately redirected to HTTPS. If a request comes in on port 443 and matches one of the http-request redirect conditions, that specific redirect is applied. Otherwise, the request proceeds to the backend servers.
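To confirm the combined rules behave as described, the redirects can be checked from outside. The following is an added example, not part of the original article: it compares each response's status code and Location header with what the rules above should return, run here over constructed sample responses. `EXPECTED`, `SAMPLE` and the function names are made up for this illustration.

```python
import http.client
from contextlib import closing
from urllib.parse import urljoin, urlsplit

# (request URL, expected status, expected Location); your_domain.com is the article's placeholder.
EXPECTED = [
    ("http://your_domain.com/a?b=1", 301, "https://your_domain.com/a?b=1"),
    ("https://your_domain.com/old-page.html", 301, "/new-page.html"),
    ("https://your_domain.com/old-directory/some-item", 301, "/new-directory/some-item"),
]

# Constructed sample responses (status, Location); two are deliberately wrong.
SAMPLE = {
    "http://your_domain.com/a?b=1": (302, "http://your_domain.com/a?b=1"),
    "https://your_domain.com/old-page.html": (301, "/new-page.html"),
    "https://your_domain.com/old-directory/some-item": (301, "/new-directory/"),
}

def fetch(url):
    """Send one GET without following redirects; return (status, Location)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    with closing(cls(u.netloc, timeout=5)) as conn:
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")

def check(url, want_status, want_location, status, location):
    """Return the list of problems for one response (empty list means pass)."""
    problems = [] if status == want_status else [f"status {status}, expected {want_status}"]
    if not location:
        return problems + ["no Location header"]
    got, want = urlsplit(urljoin(url, location)), urlsplit(urljoin(url, want_location))
    if got.scheme != "https":
        problems.append("redirect target is not https")
    if got.netloc != want.netloc:
        problems.append(f"host changed to {got.netloc}")
    if (got.path, got.query) != (want.path, want.query):
        problems.append(f"path or query differs: got {got.path!r}, expected {want.path!r}")
    return problems

def audit(observed=None):
    """Check every expectation against `observed`, or against live responses if None."""
    return {url: check(url, code, loc, *(observed[url] if observed else fetch(url)))
            for url, code, loc in EXPECTED}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Calling `audit()` with no argument sends the requests to the hosts listed in `EXPECTED`, so replace the placeholder host with your own before running it against a live proxy.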
Important Considerations:
- Certificate Management: Ensure your SSL certificate (your_domain.pem in the example) is valid, correctly configured, and covers the domain you are serving. You can obtain certificates from Let’s Encrypt or commercial CAs.
- Order of Operations: HAProxy processes frontend rules in the order they are defined. For redirects, this means a general redirect (like HTTP to HTTPS) should often come before specific URL redirects if you want the specific redirects to only apply to HTTPS traffic.
- Cache Control: Using 301 redirects tells browsers and search engines that the content has permanently moved. If you make a mistake or need to change the redirect later, users might be stuck with the old redirect due to browser caching. You can use 302 for temporary redirects, but 301 is generally preferred for SEO.
- Wildcard Certificates: For multiple subdomains, consider using a wildcard certificate (*.your_domain.com) if your CA supports it and your configuration allows.
By implementing these HAProxy rules, you can effectively secure your web traffic with HTTPS and manage your website’s URL structure with flexible redirection capabilities.