Hello, I have two registered domains (both pointing to one IP address), let's say domain-a and domain-b.
Both domains are accessed via https on the default port 443 and I don't want to change it.
But to access domain-b I want the users to identify themselves via a client certificate I handed out to them.
Domain-a should be accessible by the public without certificates, but of course via https.
To do this, I created a tcp frontend that uses a rule to decide which backend should be used (the rule uses SNI to identify if the request is coming from domain-a or domain-b).
I also created two other frontends (this time in http mode). The listening addresses are now unix sockets (unix@sock-a for domain-a and unix@sock-b for domain-b).
Because I created two frontends with unix sockets, I can now create real servers that use those sockets.
The backends (backend-a and backend-b) are linked to the real servers (sock-a or sock-b) and get requests from the tcp frontend.
My problem is that when I'm accessing the frontend I get an empty reply (code 52).
Am I missing something when using unix sockets?
Thanks for any help.
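The layout described in the post above, written out as a plain haproxy.cfg sketch (an added example, not configuration from the thread and not output of the OPNsense plugin). Hostnames, socket paths, certificate files and the app_a/app_b servers are placeholder assumptions; send-proxy-v2/accept-proxy is an optional addition that preserves the client address across the socket hop.

```haproxy
defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# TCP frontend: no TLS termination here, it only peeks at the SNI
# in the ClientHello and hands the raw connection to a backend.
frontend fe_sni_443
    mode tcp
    bind 0.0.0.0:443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend backend-b if { req.ssl_sni -i domain-b.example }
    default_backend backend-a

# Each TCP backend has one "real server": the unix socket of an HTTP frontend.
# The HAProxy process must be able to reach these paths (chroot, permissions).
backend backend-a
    mode tcp
    server sock-a unix@/var/run/haproxy/sock-a.sock send-proxy-v2

backend backend-b
    mode tcp
    server sock-b unix@/var/run/haproxy/sock-b.sock send-proxy-v2

# domain-a: TLS is terminated here, no client certificate requested.
frontend fe_domain_a
    mode http
    bind unix@/var/run/haproxy/sock-a.sock accept-proxy ssl crt /path/to/domain-a.pem
    default_backend app_a

# domain-b: the handshake fails unless the client presents a certificate
# signed by the CA in ca-file.
frontend fe_domain_b
    mode http
    bind unix@/var/run/haproxy/sock-b.sock accept-proxy ssl crt /path/to/domain-b.pem ca-file /path/to/client-ca.pem verify required
    default_backend app_b

backend app_a
    mode http
    server web-a 192.0.2.10:80

backend app_b
    mode http
    server web-b 192.0.2.20:80
```

Because each socket frontend only knows its own backend, a connection that sends domain-a in SNI but domain-b in the Host header still ends up in app_a and cannot reach app_b without a client certificate.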
I have the same issue. Did you ever figure it out?
I tried:
In Frontend: tcp, listening on 0.0.0.0:443, with default backend set to...
Backend pool 1: tcp, server is...
Backend server 1: unix@test_1
Frontend: https offloading, listening on unix@test_1, default backend set to...
Backend pool 2: http, server is...
Backend Server 2: 192.168.1.2
No response.
Can be related to chroot or permissions.
Can you please explain why you need to loop traffic via sockets? <- hard to switch from nginx :o
Can you try
opnsense-patch -c plugins -a kulikov-a 3b3d22d
and re-apply HAProxy settings? (tested and works on 22.7.1 with 3.10_1 HAProxy plugin version)
Hey,
I didn't get notified but saw your replies last week and tried this config out today.
Works perfectly.
Thank you guys.
Every day I love my opnsense boxes more and more :)
hi!
great! thanks for the feedback)