OPNsense Forum
English Forums => Web Proxy Filtering and Caching => Topic started by: ricardo-m on January 13, 2019, 10:47:33 pm
-
Hi all,
I feel like I must have read every bit of discussion, and every bit of documentation about HAProxy in OPNsense.
However, I must be doing something wrong as it's just not working out for me.
I have an internal server: 192.168.1.5 (for example) using https on port 443
I also have a domain pointing to my network: example.com
What I am trying to do is use a reverse proxy to point a specific subdomain (e.g cloud.example.com) to the internal server, so that I can then use other subdomains for other purposes in the future.
I've tried HAProxy with no success. My configuration was as follows:
HAProxy
Real Server
Name: cloud_server
FQDN or IP: 192.168.1.5
Port: 443
Backend Pool
Name: backend_pool
Mode: HTTP (Layer 7)
Balancing Algorithm: Source-IP Hash
Servers: cloud_server
Condition
Name: cloud_condition
Expression: Host matches
Value: cloud.example.com
Rules
Name: cloud_rule
Type: IF
Condition: cloud_condition
Operator: AND
Action: Override server in Backend Pool
Use Server: cloud_server
Public Services
Name: cloud_frontend
Listen Addresses: localhost:8443
Type: HTTP/HTTPS
Default Backend Pool: backend_pool
Rules: cloud_rule
You can assume that anything I've left out is as default.
I've then got a NAT Port forward rule to point any a https request on the WAN to the firewall on port 8443
When I "Test Syntax" I get a warning:
[WARNING] 012/214554 (23332) : parsing [/usr/local/etc/haproxy.conf:52] : 'use-server' ignored because frontend 'cloud_frontend' has no backend capability.
[ALERT] 012/214554 (23332) : config : frontend 'cloud_frontend' : unable to find server 'cloud_server' referenced in a 'use-server' rule.
[ALERT] 012/214554 (23332) : Fatal errors found in configuration.
Any help will be greatly appreciated!
-
Hi
instead of
Rules
Name: cloud_rule
Type: IF
Condition: cloud_condition
Operator: AND
Action: Override server in Backend Pool
Use Server: cloud_server
try:
Rules
Name: cloud_rule
Type: IF
Condition: cloud_condition
Operator: none
Action: http-request allow
-
Hi,
That works great! I knew I must have missed something simple.
Thanks for your help :D