OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: SkeelKat on July 24, 2018, 08:28:52 am

Title: Step by Step Needed - HAProxy
Post by: SkeelKat on July 24, 2018, 08:28:52 am

Dear Forum Members,

I am in dire need of some assistance. I have checked through every forum, the wiki, pfsense how-to's (for what it might be worth) and still cannot get HA Proxy to work.

Can anyone that has a working setup please give me some indication of how to do the following.

I have 5 DNS entries all pointing to my public IP addresses that I need to reverse proxy to back-end servers.

mail.domain.com:443 >>> 196.44.xxx.xxx >>> 172.16.60.10:443 (LAN)
wifi.domain.com:443 >>> 196.44.xxx.yyy >>> 172.16.80.20:8443 (OPT1)
www.domain.com:443 >>> 196.44.xxx.xxx >>> 172.16.60.11:80 (LAN)
download.domain.com:443 >>> 196.44.xxx.xxx >>> 172.16.60.12:80 (LAN) Apache vhost
edms.domain.com:443 >>> 196.44.xxx.xxx >>> 172.16.60.12:80 (LAN) Apache vhost

I want to make use of let's encrypt certificates for these domains - the ACME client is already active and the certificates are already obtained and installed on OPNsense.

For the life of me I cannot get this to work. The Wiki Documentation makes mention of ACL's which is no longer anywhere to find in the HAProxy Plugin. The HAProxy Plugin makes use of conditions and rules of which there is no mention in the documentation... and thus I am still stuck

Please help!

Title: Re: Step by Step Needed - HAProxy
Post by: astrandb on July 25, 2018, 02:19:05 pm

If you are starting the config from scratch the following should work:

• Define a Real server: name Internal_www, IP: 172.16.60.11, port 80, no ssl
• Define a Virtual service->Backend Pool: name pool_www, add server Internal_www (remember to press TAB after entering server name)
• Define a condition: Name e.g. www, Host matches, Host string = www.domain.com
• Define a rule: Name redirect_www, Select Conditions: www, HAProxy function: Use specified Backend, pool_www
• Define a Virtual Service->Public Service: Name front_443, Listen address: 196.44.xxx.xxx:443 (TAB), enable ssl-offloading, default backend pool: pool_www (TAB), certificate: your Let's Encrypt cert, Advanced settings: Select rules: redirect_www

If you run into problems, it can be a good idea to skip the ssl part initially to make the basic redirect work first. After that you could add ssl offloading and then the other conditions/rules/hosts one by one.
Good luck.