OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: Inxsible on May 19, 2021, 04:36:19 pm

Title: [SOLVED]Reverse proxying Omada SDN via HAProxy
Post by: Inxsible on May 19, 2021, 04:36:19 pm
Hello,

I use TP-Link EAP in my house and use the Omada SDN controller to configure the EAPs. The Omada software requires that the port (default 8043) be included in every request -- otherwise it redirects to the url:8043.

I have been trying to set up the reverse proxy but have not been successful yet. I found these threads on the TP-Link community and I tried to follow the instructions for pfSense, but it has not worked for me in OPNsense.

https://community.tp-link.com/en/business/forum/topic/186224?page=4 (post #38)

https://community.tp-link.com/en/business/forum/topic/161624?replyId=559794

I tried to use the built-in Execute Function options in OPNsense --> Rules & Checks --> Rules and when that didn't work, I used the custom option (pass-through) and wrote down the exact rule as indicated in the TP-Link forum posts. But still no dice!!!

Here's what I have so far:
OmadaRealServer: see image
OmadaConditionFQDN: see image
OmadaConditionShort: see image
OmadaRuleHeaderSetFQDN: see image


The remaining rules images are in the next post.

Would someone please help me translate these so that I can reverse proxy the Omada SDN controller?

Thanks,

Title: Re: Reverse proxying Omada SDN via HAProxy
Post by: Inxsible on May 19, 2021, 04:37:33 pm
Omada Rules that I have set up currently:

OmadaRuleHeaderSetShort: see image
OmadaRuleBackend: see image
OmadaRuleCustomResponse: see image


Currently with all the listed conditions & rules, I only get a 503 Service not available error when trying to access https://omada.myshinydomain.com
Title: Re: Reverse proxying Omada SDN via HAProxy
Post by: mace on August 18, 2022, 08:38:49 pm
HA Proxy Setup for Omada

### Omada Conditions ###
Code:
oc_condition_1
Condition type = Host matches
Host String = omada.domain.tld (your public domain)

oc_condition_2
Condition type = Host regex
Host Regex = ^omada\.domain\.tld(:([0-9]){1,5})?$

### Omada Rules ###
Code:
oc_rule_1   
Test type = IF[default]
Select conditions = oc_condition_1
Execute function = Use specified Backend Pool
Use Backend pool = omada_pool

oc_rule_2
Test type = IF[default]
Select conditions = oc_condition_1,oc_condition_2
Execute function = http-request header set
HTTP Header = host
Header Content = omada.domain.tld:8043

oc_rule_3
Select conditions = Nothing selected
Execute function = Custom Rule
Option pass-through = http-response replace-value location 8043 %[hdr(location),regsub(8043,443)]

### Omada Server ###
Code:
omada_server
Type = static
FQDN or IP = 192.168.1.0 (your localhost ip)
Port = 8043
Mode = active
SSL = true
Verify SSL Certificate = false

### Omada Pool ###
Code:
omada_pool
Servers = omada_server
Select Rules = oc_rule_2,oc_rule_3

### Public Service ###
Code:
public_https
Select Rules = oc_rule_1
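
For readers who work with haproxy.cfg directly, the GUI settings in the post above correspond roughly to the hand-written configuration below, which also shows the backend server line with certificate verification enabled next to the `verify none` form that "Verify SSL Certificate = false" corresponds to. This is an added example, not part of any post in this thread and not the file OPNsense generates. Assumptions: the certificate and CA file paths are placeholders, and the two conditions of oc_rule_2 are combined with AND.

```haproxy
# Added example: hand-written haproxy.cfg equivalent of the GUI settings above.
# Paths marked "placeholder" are assumptions, not values from the thread.

frontend public_https
    mode http
    bind :443 ssl crt /path/to/frontend-cert.pem    # placeholder path

    # oc_condition_1: exact, case-insensitive match on the Host header
    acl oc_condition_1 hdr(host) -i omada.domain.tld

    # oc_rule_1: route matching requests to the Omada pool
    use_backend omada_pool if oc_condition_1

backend omada_pool
    mode http

    # ACLs are scoped to the section that declares them, so they are repeated here
    acl oc_condition_1 hdr(host) -i omada.domain.tld
    acl oc_condition_2 hdr_reg(host) -i '^omada\.domain\.tld(:([0-9]){1,5})?$'

    # oc_rule_2: the controller expects its own port in the Host header
    # (assumption: both conditions must hold, i.e. logical AND)
    http-request set-header host omada.domain.tld:8043 if oc_condition_1 oc_condition_2

    # oc_rule_3: rewrite redirects that point at :8043 back to the public port.
    # regsub without the "g" flag replaces only the first "8043" in the value.
    http-response replace-value location 8043 %[hdr(location),regsub(8043,443)]

    # omada_server as posted: TLS to the controller is encrypted, but the
    # certificate is not checked, so the proxy cannot tell the controller
    # apart from another host answering on that address.
    server omada_server 192.168.1.0:8043 ssl verify none

    # Verified alternative (use instead of the line above). The ca-file must
    # contain the CA, or the self-signed certificate, that the controller presents.
    # server omada_server 192.168.1.0:8043 ssl verify required ca-file /path/to/omada-ca.pem    # placeholder path
```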
Title: Re: Reverse proxying Omada SDN via HAProxy
Post by: Inxsible on September 19, 2022, 10:33:30 pm

### Omada Pool ###
Code:
omada_pool
Servers = omada_server
Select Rules = oc_rule_2,oc_rule_3

The only thing that I was missing was the selection of oc_rule_2 and oc_rule_3 in my omada_pool. I had everything else set up exactly as you described but I had found out all that information from various forums.
Thank you for posting this even after more than a year. Once I selected the 2 rules in my backend pool setup, everything worked as expected.