OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Julien on August 15, 2017, 11:53:53 pm

Title: load balance two ports
Post by: Julien on August 15, 2017, 11:53:53 pm
Hi guys,
I don't know if this possible like on pfsense to load balance ports 443 and 80 to differetns hosts on the LAN.
hope someone can point me on the right directions

Thank you
Title: Re: load balance two ports
Post by: franco on August 16, 2017, 07:44:53 am
Hi Julien,

Sure, use the os-relayd plugin (the pfSense "load balancer"), or the os-haproxy plugin (specifically written for OPNsense).

I think that some time in 2018, we may be removing the os-relayd plugin in favour of os-haproxy as it has some advantages like still being developed and supporting Let's Encrypt integration.


Cheers,
Franco
Title: Re: load balance two ports
Post by: Julien on August 16, 2017, 11:54:02 am
Thank you Franco,
I will be testing the the os-haproxy plugin  as I need a fully support opnsense plug in.
appreciate it your support
is there a kind of document about os-haproxy?

Title: Re: load balance two ports
Post by: franco on August 16, 2017, 01:25:26 pm
Hi Julien,

There is a bit of info in the original code merges on GitHub that Frank put up:

https://github.com/opnsense/plugins/pull/10

I would also suggest to peek at the HAproxy documentation, the terminology in the plugin should match the handbook:

http://cbonte.github.io/haproxy-dconv/1.7/intro.html


Cheers,
Franco
Title: Re: load balance two ports
Post by: Julien on August 16, 2017, 06:26:07 pm
Thank you Franco,
i'll go ahead and test it, if I have any questions I will report back.
I have checked on the plug in but I can't find the os-haproxy
is there is some kind of commands line to use in order to install it ?

thank you
Title: Re: load balance two ports
Post by: franco on August 16, 2017, 06:30:25 pm
System: Firmware: Plugins. Not there? :)
Title: Re: load balance two ports
Post by: Julien on August 16, 2017, 06:44:23 pm
System: Firmware: Plugins. Not there? :)
Found it,
was looking at the packages :) and not the plug in.
Thank you sir,
will try it now
We have two exchanges servers with ssl certificate, do we have to import the SSL to the Opnsense to get them checked ?
Title: Re: load balance two ports
Post by: franco on August 16, 2017, 06:52:24 pm
Yes, correct, import them under System: Trust to be able to use them.
Title: Re: load balance two ports
Post by: Julien on August 16, 2017, 07:00:24 pm
Yes, correct, import them under System: Trust to be able to use them.
I have the certificate on the .PFX extention.
I am not sure how I can import it to the firewall.

hope you can point me how to configure this as I can't seem to find a working Documentation about this.
Title: Re: load balance two ports
Post by: bartjsmit on August 16, 2017, 07:13:12 pm
Hi Julien,

run...

openssl pkcs12 -in input.pfx -nocerts -out key.pem
openssl pkcs12 -in input.pfx -clcerts -nokeys -out certs.pem

...to get the key and the certs respectively. You may want to parse out the certs into separate files and check which one is which by:

openssl x509 -in test.pem -noout -text | less

Bart...
Title: Re: load balance two ports
Post by: Julien on August 16, 2017, 10:46:36 pm
Hi Julien,

run...

openssl pkcs12 -in input.pfx -nocerts -out key.pem
openssl pkcs12 -in input.pfx -clcerts -nokeys -out certs.pem

...to get the key and the certs respectively. You may want to parse out the certs into separate files and check which one is which by:

openssl x509 -in test.pem -noout -text | less

Bart...
Thank you So much Bart,
Have you configured the HAProxy ? I've been reading over but can't seem to figured out how to get it configured.
Title: Re: load balance two ports
Post by: bartjsmit on August 17, 2017, 08:12:13 am
Sorry Julien, no ha-proxy here - my setup is rather simpler than yours. I have just done a fair bit of openssl over the years ;-)

Bart...
Title: Re: load balance two ports
Post by: Julien on August 19, 2017, 02:45:40 pm
Sorry Julien, no ha-proxy here - my setup is rather simpler than yours. I have just done a fair bit of openssl over the years ;-)

Bart...
Thank you,
I managed to find the how to which is a German but thanks god for google translate :)
https://www.frankysweb.de/exchange-2016-opnsense-haproxy-und-lets-encrypt/
Title: Re: load balance two ports
Post by: Julien on August 20, 2017, 05:51:19 am
I can't seem to get it working.
I hope someone can help me getting this fixed as it getting urgent.