Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
HTTPS Reverse Proxy with HAProxy
« previous
next »
Print
Pages: [
1
]
Author
Topic: HTTPS Reverse Proxy with HAProxy (Read 5143 times)
SkeelKat
Newbie
Posts: 30
Karma: 0
HTTPS Reverse Proxy with HAProxy
«
on:
October 27, 2017, 12:02:29 pm »
Hi There.
I am trying to setup a HTTPS reverse proxy on my OPNsense installation.
I have 2 HTTPS addresses which I need to send to 2 internal servers.
mail.dynns.com:443 > 192.168.200.10
esxi.dynns.com:443 > 192.168.2.2
Both domain names resolves to the same Public IP address
Can anyone please explain how this is achieved with HAProxy. The writeups I could find is really vague on how this works.
Thanks
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: HTTPS Reverse Proxy with HAProxy
«
Reply #1 on:
October 27, 2017, 01:09:09 pm »
you have two options:
1. Terminate TLS on HAProxy.
In this case the communication to the backend will probably be HTTP
2. You can match the SNI to choose the backend.
Logged
SkeelKat
Newbie
Posts: 30
Karma: 0
Re: HTTPS Reverse Proxy with HAProxy
«
Reply #2 on:
October 27, 2017, 01:21:21 pm »
Hi Fabian.
I have followed all possible how-to's that I could find but I cannot get this to work.
Could you please provide me with more detailed how-to?
Both the servers have to use HTTPS in the back end.
From what I can gather I should do the following
1. Create Server A
1.1 Enter LAN IP (192.168.200.10)
1.2 Enter 443 as port
1.3 Check SSL
1.4 Un-Check Verify SSL Certificate (just to ensure this does not cause an issue)
2. Create Back-end A
2.1 Mode = L7
2.2 Servers = Server A
3. Create Front End
3.1 Listen Address = mail.dynns.com:443
3.2 Default Backend = Backend A
4. Create ACL A
4.1 Expression = Host Contains
4.2 Value = mail.dynns.com
4.3 Query Backend = Backend A
5. Create Action A
5.1 Select ACLs = ACL A
5.2 Choose Action = Use Backend
5.3 Use Backend = Backend A
6. Create NAT Rule for WAN to forward all HTTPS traffic to 127.0.0.1 with associated Firewall Rule.
If I do this it still does not work? Any idea where I am going wrong?
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: HTTPS Reverse Proxy with HAProxy
«
Reply #3 on:
October 27, 2017, 01:24:42 pm »
4.1 ist definitly wrong as this is for HTTP. In your case you won't see the host header. You need to update your ACL and I am not sure about the rest.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
HTTPS Reverse Proxy with HAProxy