HTTPS Reverse Proxy with HAProxy

[SkeelKat]

Hi There.

I am trying to setup a HTTPS reverse proxy on my OPNsense installation.

I have 2 HTTPS addresses which I need to send to 2 internal servers.

mail.dynns.com:443 > 192.168.200.10
esxi.dynns.com:443 > 192.168.2.2

Both domain names resolves to the same Public IP address

Can anyone please explain how this is achieved with HAProxy. The writeups I could find is really vague on how this works.

Thanks

[fabian]

you have two options:

1. Terminate TLS on HAProxy.
In this case the communication to the backend will probably be HTTP

2. You can match the SNI to choose the backend.

[SkeelKat]

Hi Fabian.

I have followed all possible how-to's that I could find but I cannot get this to work.
Could you please provide me with more detailed how-to?

Both the servers have to use HTTPS in the back end.

From what I can gather I should do the following

1. Create Server A
1.1 Enter LAN IP (192.168.200.10)
1.2 Enter 443 as port
1.3 Check SSL
1.4 Un-Check Verify SSL Certificate (just to ensure this does not cause an issue)

2. Create Back-end A
2.1 Mode = L7
2.2 Servers = Server A

3. Create Front End
3.1 Listen Address = mail.dynns.com:443
3.2 Default Backend = Backend A

4. Create ACL A
4.1 Expression = Host Contains
4.2 Value = mail.dynns.com
4.3 Query Backend = Backend A

5. Create Action A
5.1 Select ACLs = ACL A
5.2 Choose Action = Use Backend
5.3 Use Backend = Backend A

6. Create NAT Rule for WAN to forward all HTTPS traffic to 127.0.0.1 with associated Firewall Rule.

If I do this it still does not work? Any idea where I am going wrong?

[fabian]

4.1 ist definitly wrong as this is for HTTP. In your case you won't see the host header. You need to update your ACL and I am not sure about the rest.