Text only | Text with Images

OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: opn_nwo on September 17, 2021, 11:22:55 PM

Title: HAProxy and Tautulli
Post by: opn_nwo on September 17, 2021, 11:22:55 PM
For the past few days I have been struggling to make Tautulli work with HAProxy. I only want to use it internally so I can do SSL offloading (HTTPS -> HTTP) so I can have the cert managed by ACME.

I was able to make it work with Maltrail on a different server, but for some reason it looks like Tautulli is particularly picky when it comes to reverse proxy.

I would appreciate if anybody is running a similar setup could share their config


Tautulli server is 192.168.70.90:8181 (HTTP)
HAProxy Public Service is using a dedicated VIP 192.168.188.10:443
hostname I want to use is tautulli.domain.tld
DNS override (pointing to 192.168.188.10) and FW rules are in place and verified working.

This is the exported config:

Code Select
#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbproc                      1
    nbthread                    1
    tune.ssl.default-dh-param   2048
    spread-checks               2
    tune.chksize                16384
    tune.bufsize                16384
    tune.lua.maxmem             0
    log /var/run/log local0 info

defaults
    log     global
    option redispatch -1
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: Tautulli_HTTPS ()
frontend Tautulli_HTTPS
    bind 192.168.188.10:443 name 192.168.188.10:443 ssl  crt-list /tmp/haproxy/ssl/6143406f323444.95011154.certlist
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    # ACL: tautulli_condition
    acl acl_61433d03c999e0.49647317 hdr(host) -i tautulli.domain.tld

    # ACTION: tautulli_rule
    use_backend tautulli_backend if acl_61433d03c999e0.49647317

# Backend: tautulli_backend ()
backend tautulli_backend
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server tautulli 192.168.70.90:8181
Title: Re: HAProxy and Tautulli
Post by: Fright on September 19, 2021, 04:52:21 PM
so what the client sees in the browser and is there any entries in the haproxy log?
Text only | Text with Images