Hi,
I have a problem with the configuration of HAProxy.
I manage to address only one target server per TCP port, despite different domains and IP addresses.
Example:
1. server
public IP address: 123.123.123.1
internal IP address: 192.168.1.1
DNS host1.bla.blubb
Port 443
2. server
public IP address: 123.123.123.2
internal IP address: 192.168.1.2
DNS host2.bla.blubb
Port 443
If both servers are active in HAProxy, only one of them is reachable. But both work separately if only one of the public services is active.
I have already tried various settings, but usually this only worsens the result.
Currently I have set the Condition Type to "SNI TLS extension matches (TCP request content inspection)".
I don't know what else I'm missing and would be very grateful for some assistance.
Greetings
Ralf
Are these two public addresses, 123.123.123.1 and 123.123.123.2, bound to an interface in OPN? How?
Hi cookiemonster,
thanks for your answer.
The addresses concerned are not bound to the WAN interface, but to the DMZ interface.
They are CARP addresses because of the HA.
I'm of no help, sorry. I don't understand this setup with IP addresses used for CARP but also for NATing webservers. I've only seen them used for failovers for exclusive use of the firewalls.
Maybe someone else can advise.
Hi,
I have tested further and found out that there must be only one "Public Service" per port.
I have now combined all domains, also for different "backend pools" in one "Public Service" rule and now it seems to work. I was already afraid that it would be quite simple.
I will test this further and keep you updated.
Cheers
Ralf
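
The arrangement described in the last post, one "Public Service" on port 443 that routes several domains to different backend pools by SNI, written out as plain haproxy.cfg. This is an added example, not part of the original thread and not the configuration OPNsense generates. The names `https_443`, `pool_host1` and `pool_host2` are hypothetical, and binding both public addresses in the one frontend is an assumption; hostnames and addresses are the ones from the first post.

```haproxy
# Added example: section names are hypothetical; addresses and hostnames
# are taken from the first post of the thread.

defaults
    mode tcp
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# A single frontend ("Public Service") owns port 443 for every hostname.
frontend https_443
    # Assumption: HAProxy listens on both public addresses.
    bind 123.123.123.1:443
    bind 123.123.123.2:443

    # Buffer the first bytes so the TLS ClientHello can be inspected
    # before a backend is chosen. TLS is passed through, not terminated.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Route on the SNI value the client sent (-i: case-insensitive match).
    use_backend pool_host1 if { req.ssl_sni -i host1.bla.blubb }
    use_backend pool_host2 if { req.ssl_sni -i host2.bla.blubb }

    # No default_backend on purpose: a connection without SNI, or with a
    # hostname not listed above, matches no rule and reaches neither server.

backend pool_host1
    server host1 192.168.1.1:443 check

backend pool_host2
    server host2 192.168.1.2:443 check
```

A file like this can be syntax-checked with `haproxy -c -f haproxy.cfg` before it is loaded.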