OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: gerflo09 on May 27, 2016, 01:24:25 am

Title: Is it possible to NAT route http depending on the used domain name?
Post by: gerflo09 on May 27, 2016, 01:24:25 am

I like to achieve, that opnsense routes the http packets from WAN interface to different LAN/DMZ servers, depending on the used domain name, like apache or nginx does with virtual hosts.
How can I get that behavior?

Title: Re: Is it possible to NAT route http depending on the used domain name?
Post by: fabian on May 27, 2016, 02:13:36 pm

you need a reverse proxy which can do this - maybe the plug in haproxy can help you. If not, OPNsense has lighttpd installed as webserver for the gui. You can run your own instance of it as a reverse proxy if you like but you have to configure it by yourself.
 https://redmine.lighttpd.net/projects/1/wiki/Docs_ModProxy

Title: Re: Is it possible to NAT route http depending on the used domain name?
Post by: gerflo09 on May 29, 2016, 01:00:27 am

cool - following here is the configuration for haproxy I like to achieve, but how can I put this into OPNsense, since I cannot edit haproxy.cfg directly - or can I?

global
    daemon
    maxconn 4096

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:443
    acl is_site1 hdr_end(host) -i www.domain_one.com
    acl is_site2 hdr_end(host) -i www.domain_two.com

    use_backend site1 if is_site1
    use_backend site2 if is_site2

backend site1
    balance roundrobin
    option httpclose
    option forwardfor
    server s2 192.168.0.13:443 maxconn 32

backend site2
    balance roundrobin
    option httpclose
    option forwardfor
    server s2 192.168.0.12:443 maxconn 32