OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: SkeelKat on October 27, 2017, 12:02:29 pm

Title: HTTPS Reverse Proxy with HAProxy
Post by: SkeelKat on October 27, 2017, 12:02:29 pm
Hi There.

I am trying to set up an HTTPS reverse proxy on my OPNsense installation.

I have 2 HTTPS addresses which I need to send to 2 internal servers.

mail.dynns.com:443 > 192.168.200.10
esxi.dynns.com:443 > 192.168.2.2

Both domain names resolve to the same public IP address.

Can anyone please explain how this is achieved with HAProxy? The write-ups I could find are really vague on how this works.

Thanks
Title: Re: HTTPS Reverse Proxy with HAProxy
Post by: fabian on October 27, 2017, 01:09:09 pm
You have two options:

1. Terminate TLS on HAProxy.
In this case the communication to the backend will probably be HTTP.

2. You can match the SNI to choose the backend.


Title: Re: HTTPS Reverse Proxy with HAProxy
Post by: SkeelKat on October 27, 2017, 01:21:21 pm
Hi Fabian.

I have followed all possible how-tos that I could find, but I cannot get this to work.
Could you please provide me with a more detailed how-to?

Both the servers have to use HTTPS in the back end.

From what I can gather, I should do the following:

1. Create Server A
1.1 Enter LAN IP (192.168.200.10)
1.2 Enter 443 as port
1.3 Check SSL
1.4 Un-Check Verify SSL Certificate (just to ensure this does not cause an issue)

2. Create Back-end A
2.1 Mode = L7
2.2 Servers = Server A

3. Create Front End
3.1 Listen Address = mail.dynns.com:443
3.2 Default Backend = Backend A

4. Create ACL A
4.1 Expression = Host Contains
4.2 Value = mail.dynns.com
4.3 Query Backend = Backend A

5. Create Action A
5.1 Select ACLs = ACL A
5.2 Choose Action = Use Backend
5.3 Use Backend = Backend A

6. Create a NAT rule for WAN to forward all HTTPS traffic to 127.0.0.1, with the associated firewall rule.

If I do this, it still does not work. Any idea where I am going wrong?


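Putting fabian's two options above and the step list in this post into an actual haproxy.cfg, as an added example (this is not configuration from the thread, nor what the OPNsense plugin generates; the host names and backend IPs are the ones in the question, while the certificate paths and the 8443 port used for the termination variant are assumptions for illustration):

```haproxy
# Added example: two HTTPS hosts on one public IP, routed by HAProxy.
# Host names and backend addresses are the ones from the question;
# certificate paths and port 8443 are assumed for illustration only.

global
    log /dev/log local0

defaults
    log     global
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# ---------------------------------------------------------------
# Option 2: TLS passthrough, routing on the SNI in the ClientHello.
# HAProxy never decrypts anything; each backend keeps its own
# certificate and the browser verifies it end to end.
# ---------------------------------------------------------------
frontend https_passthrough
    bind 0.0.0.0:443
    mode tcp
    option tcplog

    # Hold the connection until a complete TLS ClientHello (type 1) has
    # arrived; otherwise req.ssl_sni is still empty and nothing matches.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # The Host header sits inside the encrypted stream and is invisible
    # here; the SNI extension is the only name HAProxy can see.
    acl sni_mail req.ssl_sni -i mail.dynns.com
    acl sni_esxi req.ssl_sni -i esxi.dynns.com

    use_backend be_mail_tcp if sni_mail
    use_backend be_esxi_tcp if sni_esxi
    # No default_backend on purpose: a ClientHello for any other name
    # (or with no SNI at all) is closed instead of being handed to
    # whichever backend happens to be listed first.

backend be_mail_tcp
    mode tcp
    server mail 192.168.200.10:443 check

backend be_esxi_tcp
    mode tcp
    server esxi 192.168.2.2:443 check

# ---------------------------------------------------------------
# Option 1: terminate TLS on HAProxy, then re-encrypt to the backend.
# Bound to 8443 (assumed) only so both variants fit in one valid file;
# in practice you run one or the other on 443. Because the request is
# plaintext inside HAProxy here, Host-header ACLs do work.
# ---------------------------------------------------------------
frontend https_terminate
    bind 0.0.0.0:8443 ssl crt /usr/local/etc/haproxy/mail.dynns.com.pem crt /usr/local/etc/haproxy/esxi.dynns.com.pem
    mode http
    option httplog

    acl host_mail req.hdr(host) -i mail.dynns.com
    acl host_esxi req.hdr(host) -i esxi.dynns.com

    use_backend be_mail_http if host_mail
    use_backend be_esxi_http if host_esxi

backend be_mail_http
    mode http
    # "ssl verify none" is what the unchecked "Verify SSL Certificate"
    # box in the post produces: HAProxy accepts whatever certificate the
    # backend presents, so only do this on a network segment you trust.
    server mail 192.168.200.10:443 ssl verify none

backend be_esxi_http
    mode http
    server esxi 192.168.2.2:443 ssl verify none
```

The passthrough frontend is the one that matches the requirement that both servers keep speaking HTTPS: it needs a TCP-mode frontend and an SNI-based condition, not the HTTP "Host" condition from step 4.1, because in TCP mode the Host header is never visible to HAProxy. The termination variant is what step 4.1 would fit, at the cost of HAProxy holding the private keys for both names and, with verification disabled, trusting any certificate the internal servers present.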
Title: Re: HTTPS Reverse Proxy with HAProxy
Post by: fabian on October 27, 2017, 01:24:42 pm
4.1 is definitely wrong, as this is for HTTP. In your case you won't see the Host header. You need to update your ACL, and I am not sure about the rest.