Hi Gang,
I have spent several houres to configure haproxy as a simple reverse proxy for two different services on one single IP with the same Port. I have not succeeded and now I need your help please.
Config is as follows:
Real server 1: FQDN -> "fqdn.server1.intern" / Port -> 443 / SSL / SNI / fqdn.server1.intern / verify -> "myCA"
Real server 2: FQDN -> "fqdn.server2.intern" / Port -> 80
Backend pool 1: Server -> real server 1 (rest is default)
Backend pool 2: Server -> real server 2 (rest is default)
Public server 1: listen address -> "fqdn1:443" / certificate "fqdn1 acme" / selected rule -> Rule 1
Public server 2: listen address -> "fqdn2:443" / certificate "fqdn2 acme" / selected rule -> Rule 2
Condition 1: host matches -> Host string -> "sub.domain.de"
Condition 2: host matches -> Host string -> "domain.de"
Rule 1: If condition 1 -> use backend pool 1
Rule 2: If condition 2 -> use backend pool 2
That is my understading of how reverse proxy should select the right backend server depending on the host name that is called.
Enabling realserver 1 - everything is fine
Enabling realserver 2 - realserver 2 is working fine, too. But realserver 1 presents certificate from realserver 2 and passing the connection to realserver 1
- Type is HTTP/HTTPS
- IP is static, no NAT
I´m Pulling my hairs off - can´t get this to work...
Does anyone have any ideas?
Robin
If you don't want to pull your hair out, maybe give os-caddy a try. It can do what you need and is way easier to configure.
Here are the docs:
https://docs.opnsense.org/manual/how-tos/caddy.html
You need to go with a single public server and two backends depending on the domain name.
AWESOME! I love the community - I Love you :D - many thanks!!!!