Thanks for the quick reply! Sorry, I forgot to paste the "global" part of the config, I have that URL already set:

[global]
;Main Settings
;=============
Usr = elog
Grp = elog
port = 8080
SSL = 0
URL = https://elog.test.km3net.de
Title image = <img border=0 src="KM3NeT_logo.png" alt="KM3NeT logo" height="35px">
;SMTP host = smtp.fau.de
Display mode = summary
Thumbnail size = 500>
List Menu text = clock.html
Menu text = clock.html

I also tried the default configuration (example config) and it that works behind the load balancer. So I guess it's related to the password-page, which causes this redirect loop? Our logbooks are all password protected, so when a logbook URL is clicked, it should first present the login-form, and that's where it chokes.

Yeah, after you enter a password, elog redirects to what it finds in "URL". You can trace that by opening "development tools" in Google Chrome, go to "network" and watch packets going back and forth. I never worked with the load balancer, but maybe you need a different "URL" containing a '/' at the end?

My problem is that I don't even reach the page where I can enter a password. If you go to https://elog.test.km3net.de and click on a logbook, you'll see that it immediately goes into a redirect loop. I already logged the routing but there is nothing else...

Attached is the log, where you can see that `Operations+IT` redirects to `Operations+IT/` and that redirects to `Operations+IT` again, which then goes to `elog.test.km3net.de` and `Operations+IT` again etc. etc.

EDIT: I  use the very same load balancer confugration for dozens of other services incl. Apache, Nginx, GitLab, Mattermost, RocketChat etc. and all work fine. As written before, also the "example" logbook works (without password protection).

I also tried `/` at the end of the URL but it has no effect.

I am pretty clueless currently...

Yes I see the redirects. You say with the example logbook it works, right? Is it the password protection which triggers the problem or anything else? Does it work if you take out the password protection? The key is to identify which setting in your config file triggers the problem, so you can bracket the problem down between the example logbook and your logbook definition.

Yes, I used the empty `passwd` file from example. When I then click on one of the logbooks, I get to the page where I can register a user (see attached screenshot). After clickin on "Save" for the user registration, I again get the redirect error. Once there is a registered user (i.e. a non-empty password file) the redirect issue is persistent. Any idea where the problem might be? I just emptied the password file again, so you can have a one-shot, if you like.

Btw. I have SSL termination in the load balancer, so ELOG does not need to do any SSL related things (the swarm is in a locally isolated network, so all internal communication between the load balancer and the swarm machines are safe). Maybe that's the issue? On the other hand, the main page loads fine and uses SSL termination too, so I don't know, maybe there is logic behind the authentication which collides with the SSL termination.

The issue is still present and now it's quite urgent to move this last service into the Swarm. Does anyone maybe have an idea what's wrong? To sum up: if there is a non-empty password file, the login page chokes in an infinite loop of redirects. I am using the same HAProxy load balancer configuration as for all the other services (running Apache, NGINX, GitLab, XWiki, etc.):

backend be_elog.km3net.de
    mode http

    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }

    server-template km3net-elog- 1 km3net-elog_elog:8080 check resolvers docker init-addr libc,none