Author Topic: HTTPS Reverse Proxy with HAProxy  (Read 3754 times)

SkeelKat

HTTPS Reverse Proxy with HAProxy
« on: October 27, 2017, 12:02:29 pm »
Hi There.

I am trying to set up an HTTPS reverse proxy on my OPNsense installation.

I have 2 HTTPS addresses which I need to send to 2 internal servers.

mail.dynns.com:443 > 192.168.200.10
esxi.dynns.com:443 > 192.168.2.2

Both domain names resolve to the same public IP address.

Can anyone please explain how this is achieved with HAProxy? The writeups I could find are really vague on how this works.

Thanks

fabian

Re: HTTPS Reverse Proxy with HAProxy
« Reply #1 on: October 27, 2017, 01:09:09 pm »
You have two options:

1. Terminate TLS on HAProxy.
In this case the communication to the backend will probably be HTTP.

2. You can match the SNI to choose the backend.

SkeelKat

Re: HTTPS Reverse Proxy with HAProxy
« Reply #2 on: October 27, 2017, 01:21:21 pm »
Hi Fabian.

I have followed all possible how-tos that I could find, but I cannot get this to work.
Could you please provide me with a more detailed how-to?

Both the servers have to use HTTPS in the back end.

From what I can gather, I should do the following:

1. Create Server A
1.1 Enter LAN IP (192.168.200.10)
1.2 Enter 443 as port
1.3 Check SSL
1.4 Un-Check Verify SSL Certificate (just to ensure this does not cause an issue)

2. Create Back-end A
2.1 Mode = L7
2.2 Servers = Server A

3. Create Front End
3.1 Listen Address = mail.dynns.com:443
3.2 Default Backend = Backend A

4. Create ACL A
4.1 Expression = Host Contains
4.2 Value = mail.dynns.com
4.3 Query Backend = Backend A

5. Create Action A
5.1 Select ACLs = ACL A
5.2 Choose Action = Use Backend
5.3 Use Backend = Backend A

6. Create NAT Rule for WAN to forward all HTTPS traffic to 127.0.0.1 with associated Firewall Rule.

If I do this, it still does not work. Any idea where I am going wrong?

fabian

Re: HTTPS Reverse Proxy with HAProxy
« Reply #3 on: October 27, 2017, 01:24:42 pm »
4.1 is definitely wrong, as this is for HTTP. In your case you won't see the host header. You need to update your ACL, and I am not sure about the rest.
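The SNI matching described in replies #1 and #3, written out as a raw haproxy.cfg. This is an added example, not part of the thread and not output of the OPNsense plugin; the hostnames and addresses are the ones from the first post, while the frontend and backend names and the timeout values are assumptions.

```haproxy
# Hand-written sketch of option 2 (SNI passthrough).
# Names https_in, be_mail, be_esxi and all timeouts are assumptions.
defaults
    mode tcp                   # layer 4: TLS is relayed, never decrypted here
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend https_in
    # Loopback bind matches the NAT target from step 6 of the thread.
    # No "ssl" keyword on the bind line, so HAProxy does not terminate TLS.
    bind 127.0.0.1:443

    # Hold the connection until a TLS ClientHello has arrived, so the
    # SNI extension can be read before a backend is chosen.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Route on the SNI name. A Host-header ACL (the "Host Contains"
    # expression in step 4.1) cannot match in this mode, because the
    # HTTP request is still encrypted when it passes through.
    use_backend be_mail if { req.ssl_sni -i mail.dynns.com }
    use_backend be_esxi if { req.ssl_sni -i esxi.dynns.com }

    # Deliberately no default_backend: a client that sends no SNI or an
    # unknown name is not forwarded to either internal server.

backend be_mail
    # No "ssl" on the server line: the client's TLS session ends on the
    # mail server itself, which presents its own certificate.
    server mail 192.168.200.10:443 check

backend be_esxi
    server esxi 192.168.2.2:443 check
```

With passthrough, clients validate each internal server's own certificate, so the "Verify SSL Certificate" box from step 1.4 plays no part. That setting matters only for option 1 with HTTPS backends, where leaving it unchecked means HAProxy does not authenticate the server it re-encrypts to.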
