1
General Discussion / Re: HAPProxy Multidomain
« on: July 23, 2017, 09:40:06 am »
Next would be to get it working in transparent mode, not sure if possible 
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
General Discussion / Re: HAPProxy Multidomain
« on: July 23, 2017, 09:38:18 am »
Thanks to Deciso support we got it working. I can only recomment to get commercial support from them. It is worth every cent.
Config, here we go:
Portforward from port 80 to 127.0.0.1:8080 on nat firewall rule:
Corresponding firewall rule on WAN for it
HAProxy config, basically one frontend, one backend, multiple server, each domain/server a acl / action rule
Config, here we go:
Portforward from port 80 to 127.0.0.1:8080 on nat firewall rule:
Code: [Select]
<rule>
<protocol>tcp</protocol>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<descr/>
<tag/>
<tagged/>
<poolopts/>
<target>127.0.0.1</target>
<local-port>8080</local-port>
<source>
<any>1</any>
</source>
<destination>
<network>wanip</network>
<port>80</port>
</destination>
</rule>
Corresponding firewall rule on WAN for it
Code: [Select]
<rule>
<source>
<any>1</any>
</source>
<interface>wan</interface>
<protocol>tcp</protocol>
<ipprotocol>inet</ipprotocol>
<destination>
<address>127.0.0.1</address>
<port>8080</port>
</destination>
<descr>NAT </descr>
</rule>
HAProxy config, basically one frontend, one backend, multiple server, each domain/server a acl / action rule
Code: [Select]
<HAProxy version="0.0.0">
<frontends>
<frontend uuid="51ea7847-d9d7-4bfc-a2c0-81a6521e76ce">
<id>597244499fc4e2.41670272</id>
<enabled>1</enabled>
<name>http_in_new</name>
<description>http_in_new</description>
<bind>127.0.0.1:8080</bind>
<bindOptions/>
<mode>http</mode>
<defaultBackend>979ae8bd-b258-433e-9d9c-6b27958cde85</defaultBackend>
<ssl_enabled>0</ssl_enabled>
<ssl_certificates/>
<ssl_default_certificate/>
<ssl_customOptions/>
<tuning_maxConnections>50</tuning_maxConnections>
<tuning_timeoutClient/>
<logging_dontLogNull>0</logging_dontLogNull>
<logging_dontLogNormal>0</logging_dontLogNormal>
<logging_logSeparateErrors>0</logging_logSeparateErrors>
<logging_detailedLog>1</logging_detailedLog>
<logging_socketStats>0</logging_socketStats>
<forwardFor>0</forwardFor>
<connectionBehaviour>http-keep-alive</connectionBehaviour>
<customOptions/>
<linkedActions/>
<linkedErrorfiles/>
</frontend>
</frontends>
<backends>
<backend uuid="979ae8bd-b258-433e-9d9c-6b27958cde85">
<id>597244a2ddedd0.95485458</id>
<enabled>1</enabled>
<name>http_traffic</name>
<description>http</description>
<mode>http</mode>
<algorithm>source</algorithm>
<linkedServers>6b7aa04a-e7a7-4ab7-a575-f998d9f2685c,4820f14b-f9c4-4b61-9625-946857ec47e5</linkedServers>
<source/>
<healthCheckEnabled>0</healthCheckEnabled>
<healthCheck/>
<healthCheckLogStatus>0</healthCheckLogStatus>
<stickiness_pattern>sourceipv4</stickiness_pattern>
<stickiness_expire>30m</stickiness_expire>
<stickiness_size>50k</stickiness_size>
<stickiness_cookiename/>
<stickiness_cookielength/>
<tuning_timeoutConnect/>
<tuning_timeoutCheck/>
<tuning_timeoutServer/>
<tuning_retries/>
<customOptions/>
<tuning_defaultserver/>
<tuning_noport>0</tuning_noport>
<linkedActions>8a1f1cc9-0302-4d85-8c35-2bd38b910054,73098205-0ee9-4a89-b289-8d741986ab45</linkedActions>
<linkedErrorfiles/>
</backend>
</backends>
<servers>
<server uuid="6b7aa04a-e7a7-4ab7-a575-f998d9f2685c">
<name>se_domain1_com</name>
<description>se_domain1_com</description>
<address>192.168.4.111</address>
<port>80</port>
<checkport/>
<mode>active</mode>
<ssl>0</ssl>
<sslVerify>1</sslVerify>
<sslCA/>
<sslCRL/>
<sslClientCertificate/>
<weight/>
<checkInterval>2s</checkInterval>
<checkDownInterval/>
<source/>
<advanced/>
</server>
<server uuid="4820f14b-f9c4-4b61-9625-946857ec47e5">
<name>se_domain2_com</name>
<description>se_domain2_com</description>
<address>192.168.4.170</address>
<port>80</port>
<checkport/>
<mode>active</mode>
<ssl>0</ssl>
<sslVerify>0</sslVerify>
<sslCA/>
<sslCRL/>
<sslClientCertificate/>
<weight/>
<checkInterval>2s</checkInterval>
<checkDownInterval/>
<source/>
<advanced/>
</server>
</servers>
<healthchecks/>
<acls>
<acl uuid="612e6680-5173-417d-9249-9819f81e23b3">
<id>5961c1176bebe9.97403330</id>
<name>al_domain1_com</name>
<description>al_domain1_com</description>
<expression>host_matches</expression>
<negate>0</negate>
<value>al_domain1_com</value>
<urlparam/>
<queryBackend/>
</acl>
<acl uuid="8f4f87f9-190e-497f-ab2e-8a69926db96f">
<id>596c4cc128a6d9.48525721</id>
<name>al_domain2_com</name>
<description>al_domain2_com</description>
<expression>host_matches</expression>
<negate>0</negate>
<value>domain2.com</value>
<urlparam/>
<queryBackend/>
</acl>
</acls>
<actions>
<action uuid="8a1f1cc9-0302-4d85-8c35-2bd38b910054">
<name>an_domain1_com</name>
<description>an_domain1_com</description>
<testType>if</testType>
<linkedAcls>612e6680-5173-417d-9249-9819f81e23b3</linkedAcls>
<operator>and</operator>
<type>use_server</type>
<useBackend/>
<useServer>6b7aa04a-e7a7-4ab7-a575-f998d9f2685c</useServer>
<actionName/>
<actionFind/>
<actionValue/>
</action>
<action uuid="73098205-0ee9-4a89-b289-8d741986ab45">
<name>an_domain2_com</name>
<description>an_domain2_com</description>
<testType>if</testType>
<linkedAcls>8f4f87f9-190e-497f-ab2e-8a69926db96f</linkedAcls>
<operator>and</operator>
<type>use_server</type>
<useBackend/>
<useServer>4820f14b-f9c4-4b61-9625-946857ec47e5</useServer>
<actionName/>
<actionFind/>
<actionValue/>
</action>
</actions>
<luas/>
<errorfiles/>
</HAProxy>
</OPNsense>
3
General Discussion / Re: HAPProxy Multidomain
« on: July 21, 2017, 10:10:40 am »
Next problem I'm facing is that I would like to run the frontend in transparent mode.
4
General Discussion / Re: HAPProxy Multidomain
« on: July 21, 2017, 08:16:48 am »
Found a solution in the frontend with optional pass-through, adding these line and removing acl from backends
acl host_domain1 hdr(host) -i domain1.com
acl host_domain2 hdr(host) -i domain2.com
use_backend backend1 if host_domain1
use_backend backend2 if host_domain2
acl host_domain1 hdr(host) -i domain1.com
acl host_domain2 hdr(host) -i domain2.com
use_backend backend1 if host_domain1
use_backend backend2 if host_domain2
5
General Discussion / Re: HAPProxy Multidomain
« on: July 20, 2017, 11:25:27 pm »
Basically this setup would be needed, in this example two acl are defined in the frontend.
https://seanmcgary.com/posts/haproxy---route-by-domain-name
however when add the acl, I get the following error 'use-server' ignored because frontend 'http_in' has no backend capability.
https://seanmcgary.com/posts/haproxy---route-by-domain-name
however when add the acl, I get the following error 'use-server' ignored because frontend 'http_in' has no backend capability.
6
General Discussion / HAPProxy Multidomain
« on: July 20, 2017, 08:58:31 pm »
Dear all,
I'm trying to configure HAProxy with a multidomain setup. I have setup frontend on localhost device and added firewall rules to NAT traffic and a default backend. This setup works great.
But in multidomain setup action and acl are required to probe the correct host. I have setup acl to "host matches" with value www.xyz.com (without the optional fields in the mask). With the action I have set backend and server, but for conditional parameters I don't understand what to set.
Is there any example?
Best Dani
I'm trying to configure HAProxy with a multidomain setup. I have setup frontend on localhost device and added firewall rules to NAT traffic and a default backend. This setup works great.
But in multidomain setup action and acl are required to probe the correct host. I have setup acl to "host matches" with value www.xyz.com (without the optional fields in the mask). With the action I have set backend and server, but for conditional parameters I don't understand what to set.
Is there any example?
Best Dani
Pages: [1]