OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: boardyuk on March 04, 2019, 02:05:58 pm

Title: Can't select HAProxy rule
Post by: boardyuk on March 04, 2019, 02:05:58 pm
I'm trying to configure the HAProxy plugin (os-haproxy-2.15) as a front-end for a few internal servers. I'm currently using a port forward NAT rule to do this to an existing HAProxy install however I'd like to use the plugin to replace it.

I've got everything configured, however when I come to add a front-end (public service) I can't select the rules to use, the box just clears or stays empty.

I'm not sure if I'm doing something wrong or if there is a bug in the UI.

I'm running the latest 19.1.2 release as I only configured things last night and was up until 11pm trying to get this working.
Title: Re: Can't select HAProxy rule
Post by: Bagoline on March 04, 2019, 04:22:39 pm
The steps which I took to configure the HA proxy rule were the following:
1. Create Real servers
2. Create the Health-Check
3. Create the Back-End pool
4. Create the Virtual service.
    For this step I created the virtual service to listen on IP 127.0.0.1 on the TCP port e.g. 12345
5. Create the NAT config with translation to the 127.0.0.1 on the TCP port.

That worked flawlessly.

However, the HA proxy service config needs some time to populate the options from the browser, and sometimes errors were produced by Firefox. I would recommend selecting HA proxy from the Services and leaving it a few seconds for your browser to download all content.
Title: Re: Can't select HAProxy rule
Post by: boardyuk on March 04, 2019, 04:38:05 pm
Bagoline, thanks for that, I've given it a go and still doesn't want to work.

Unfortunately I can't run my NAT via port numbers as I am forwarding all HTTPS traffic to HAProxy and then have rules configured to check the path and forward the request based on that, e.g. emby, portainer, music

It's irritating that I can't seem to configure it as it's 1 of the things that convinced me to change out my Unifi USG to have my VPN client and HAProxy all in 1 box and not have to rely on running multiple servers behind the firewall.
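
For reference, the path-based routing described in the post above, written as a plain haproxy.cfg (an added example, not taken from the thread or from the plugin's generated output). The backend addresses and ports, the certificate path and all section names are constructed placeholders; the comments name the plugin objects mentioned in the thread that each part plays the role of.

```haproxy
# Added example. Every address, port, name and file path below is a
# constructed placeholder, not a value from the thread.
defaults
    mode http                      # path matching needs HTTP mode, so TLS ends here
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# "Public service" (front-end): receives all HTTPS traffic
frontend fe_https
    bind :443 ssl crt /path/to/placeholder-cert.pem

    # Conditions: one per application path
    acl is_emby      path_beg /emby
    acl is_portainer path_beg /portainer
    acl is_music     path_beg /music

    # Refuse anything that matches none of the published paths, so
    # unlisted URLs never reach an internal server
    http-request deny deny_status 404 if !is_emby !is_portainer !is_music

    # Rules: send each matched path to its back-end pool
    use_backend be_emby      if is_emby
    use_backend be_portainer if is_portainer
    use_backend be_music     if is_music

# "Back-end pools", each with a health check and one "real server"
backend be_emby
    option httpchk GET /
    server emby1 192.0.2.10:8096 check

backend be_portainer
    option httpchk GET /
    server portainer1 192.0.2.11:9000 check

backend be_music
    option httpchk GET /
    server music1 192.0.2.12:8080 check
```

A file like this can be syntax-checked with `haproxy -c -f <file>` before it is loaded, once the certificate placeholder points at a real PEM file.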
Title: Re: Can't select HAProxy rule
Post by: Bagoline on March 08, 2019, 07:26:57 pm
Hi boardyuk

Just a clarification which I might have gotten wrong.
You use the HAPROXY as a reverse proxy, and not for load-balancing. Correct?

If that is the case why not use NGINX with the respective reverse proxy config and security modules?

I have never seen HAPROXY deployed as a reverse proxy. The most common deployments are:
Firewall + Forward Proxy (SQUID) + AV (ClamAV) + Reverse Proxy (WAF)

To be honest I haven't deployed the NGINX in OPNsense but I believe it will be doable and forwarding paths should be more straightforward in NGINX.
Title: Re: Can't select HAProxy rule
Post by: mimugmail on March 08, 2019, 08:24:17 pm
Nginx doesn't support sticky sessions. If you haven't seen HAProxy you haven't done real HA installations :)
Title: Re: Can't select HAProxy rule
Post by: Bagoline on March 13, 2019, 03:47:11 pm
You are correct with your assumption.

For sticky sessions, we always went with F5, Alteon load balancers for specific use-cases like shopping carts etc.
For the above use-cases, our environment would not allow non-officially supported solutions.