OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: cryptomanman on February 02, 2019, 11:04:01 am

Title: HAProxy reverse proxy setup with SSL pass through. Help please.
Post by: cryptomanman on February 02, 2019, 11:04:01 am
TL;DR - What condition/s do I need to set up to watch for a requested host with this pass-through reverse proxy and my Nextcloud server with a self-signed certificate?


I have OPNsense 18.7.10 running in front of my home network which includes a Nextcloud server with currently just a self-signed certificate. I can reach my Nextcloud via IPv6, no problem. All of my computers get an IPv6 address via SLAAC from my ISP.

Sometimes, i.e. from work, I don't have access to IPv6 and so need to set up a reverse proxy so I can access via my single dynamic IPv4 address that the ISP provides.

So far I have been able to get this to work only by setting my Nextcloud backend to be the default backend for the frontend that is listening on port 443. This isn't a long-term solution though, since I'd like more than one server to be able to be accessed on port 443.

I have been through many hours of googling and trying perhaps a dozen guides / posts (OPNsense ones, pfSense ones, and general HAProxy ones) to get this to work. But every time I add a condition / rule pair to point to the Nextcloud server I either get a browser SSL error or a timeout, depending on what options I've set.

I'd like to keep this as a pass-through proxy, with the hosts handling certificates. What condition/s do I need to set up to watch for a requested host with this pass-through reverse proxy and my Nextcloud server with a self-signed certificate? Watching for hostname gets me a timeout, because the request is encrypted (I think; new learner here). And using SNI gets an SSL error in the browser.
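
The setup described in the post above (TLS pass-through with routing on the requested host), written as a plain HAProxy configuration. This is an added example, not part of the original post and not the configuration OPNsense generates; the hostnames, backend names and addresses are placeholder assumptions.

```haproxy
# Added example. cloud.example.org, other.example.org, the backend names
# and the 192.0.2.x addresses are assumptions (placeholders).

frontend https_passthrough
    bind :443
    # TCP mode: HAProxy forwards the TLS stream without decrypting it,
    # so the backend host keeps presenting its own certificate.
    mode tcp
    option tcplog

    # Buffer the start of the connection until a TLS ClientHello has
    # arrived; without this the SNI field may not be available yet
    # when the rules below are evaluated.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Route on the SNI name, which the client sends in the ClientHello.
    # The HTTP Host header is inside the encrypted stream and cannot be
    # matched in pass-through mode.
    use_backend nextcloud_tls if { req.ssl_sni -i cloud.example.org }
    use_backend other_tls     if { req.ssl_sni -i other.example.org }

    # No default_backend on purpose: only the names listed above are
    # forwarded. A client that connects by IP address sends no SNI
    # and matches neither rule.

backend nextcloud_tls
    mode tcp
    # No "ssl" keyword on the server line: HAProxy must not start its
    # own TLS session towards the backend in pass-through mode.
    server nextcloud 192.0.2.10:443 check

backend other_tls
    mode tcp
    server other 192.0.2.11:443 check
```

The name matched by `req.ssl_sni` is the hostname the client puts in the URL, so the external DNS name has to resolve to the proxy's address, and the certificate the backend presents is validated by the browser against that same name.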