OPNsense Forum

English Forums => General Discussion => Topic started by: csmall on December 16, 2017, 01:34:53 am

Title: Suggestions for multiple servers running port 443 behind OPNsense
Post by: csmall on December 16, 2017, 01:34:53 am
Suggestions for multiple servers running port 443 behind OPNsense with a single public IP?

What would be a good option for handling this?

Example:

a.domain.com:443 ---> single public ip ---> internal_server1:443

b.domain.com:443 ---> single public ip ---> internal_server2:443

Can any plugins for OPNsense handle this, or would something like nginx/reverse proxy be required? Maybe a layer 7 load balancer like Kemp or NetScaler, etc.

HAProxy can't do this, can it?
Title: Re: Suggestions for multiple servers running port 443 behind OPNsense
Post by: Gargamel on December 16, 2017, 07:56:03 am
Hi.

I think you are looking for HAProxy https://wiki.opnsense.org/manual/how-tos/haproxy.html
Title: Re: Suggestions for multiple servers running port 443 behind OPNsense
Post by: csmall on December 16, 2017, 12:59:03 pm
How can HAProxy do this? I see the guide on installing the plugin, but how can it allow multiple DNS names that point to one public IP to hit multiple servers behind OPNsense using the same port (443)?
Title: Re: Suggestions for multiple servers running port 443 behind OPNsense
Post by: fabian on December 16, 2017, 01:10:07 pm
You can forward based on the SNI (domain name in TLS) or use TLS offload (HTTPS only to HAProxy).
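
The two approaches named in the last reply, shown as an added example that is not from any poster in this thread. It is written as plain haproxy.cfg rather than as OPNsense plugin settings; the hostnames come from the question, while the backend addresses, the port 80 listener and the certificate path are placeholder assumptions.

```haproxy
# Constructed example: hostnames are from the thread; backend addresses
# (192.0.2.x documentation range) and the certificate path are placeholders.
defaults
    timeout connect 5s
    timeout client  50s
    timeout server  50s

# Option A: route on SNI without decrypting (TLS passthrough).
# Each internal server keeps its own certificate and private key.
frontend tls_sni_passthrough
    bind :443
    mode tcp
    # Hold the connection until the ClientHello arrives so SNI can be read.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend srv1_tls if { req.ssl_sni -i a.domain.com }
    use_backend srv2_tls if { req.ssl_sni -i b.domain.com }
    # No default_backend: a missing or unknown SNI reaches neither server.

backend srv1_tls
    mode tcp
    server internal_server1 192.0.2.11:443 check

backend srv2_tls
    mode tcp
    server internal_server2 192.0.2.12:443 check

# Option B: TLS offload. HAProxy terminates TLS, so it holds the
# certificates and keys; the hop to the servers is plain HTTP.
# Use instead of Option A, since both frontends bind :443.
frontend tls_offload
    bind :443 ssl crt /path/to/certs/ strict-sni
    mode http
    use_backend srv1_http if { hdr(host) -i a.domain.com }
    use_backend srv2_http if { hdr(host) -i b.domain.com }

backend srv1_http
    mode http
    server internal_server1 192.0.2.11:80 check

backend srv2_http
    mode http
    server internal_server2 192.0.2.12:80 check
```

With Option A the proxy never sees request contents, so HTTP-level filtering and logging stay on the internal servers. With Option B the private keys live on the firewall and `strict-sni` refuses handshakes for names that have no matching certificate.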