OPNsense

Show Posts

Messages - jwright

1
Tutorials and FAQs / Re: Tutorial 2024/02: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: June 17, 2024, 03:43:19 pm »
Quote from: spetrillo on May 30, 2024, 04:23:42 am
Hello all,

I have one question. I already have a dynamic DNS provider. Can I continue to use this and just substitute it for the one in the instructions?

Thanks,
Steve

Yes, I am using the service provided by my domain provider, NameCheap. I had read that access to their API was prohibitive, but I guess that depends on each person's situation (I think you need to spend $50 every two years or something).

2
Tutorials and FAQs / Re: Tutorial 2024/02: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: June 17, 2024, 02:52:58 pm »
First off, I'd like to extend a huge amount of gratitude to HellSite for the superb guide. I can't begin to imagine how many hours this guide must have saved cumulatively across the community!

Regarding the non-SSL posts, I too am having this issue.

1. Created a new server "NOSSL_server", without "Verify SSL cert" checked.
2. Created a new backend "NOSSL_backend" in TCP mode.
3. Created a new mapfile "NOSSL_PUBLIC_SUBDOMAINS_mapfile" with the content "nossl   NOSSL_backend"
4. Created a rule "NOSSL_PUBLIC_SUBDOMAINS_rule" which maps domains to backends using the mapfile "NOSSL_PUBLIC_SUBDOMAINS_mapfile"
5. Edited the public service "0_SNI_frontend" to use the rule "NOSSL_PUBLIC_SUBDOMAINS_rule"

I've not changed any of the existing settings from the original guide provided.

It sounds like I'm getting the same result as the below posters. I get a 503, as HAProxy forces a request for http://nossl.example.com to https://nossl.example.com.

I've tried messing with a few settings which felt like they make sense to me, but I wasn't successful. I am one of those people who knows enough to be dangerous, so I can follow a guide to get it working and understand some/most of what I'm doing, but struggle when it goes wrong/doesn't do quite what I want.

Quote from: Koda on June 11, 2024, 06:23:34 pm
@dMopp have you found a solution? I don't get it to work
I have two Services
192.168.5.2:8081 --> works with https://192.168.5.2:8081 (So the HAProxy works)
192.168.5.3:8082 --> works only with http://192.168.5.3:8082

For the Service without SSL I have added these parameters:
  • Real Server: Identical to the Server like Plex, Port 8082 and disabled the SSL option (Tested disabled and enabled)
  • Added a Map file like the public domains
  • Conditions: No new conditions
  • Rules: Copy of the public domain map and change the map file
  • Backend: Copy the Plex Backend and change Mode to TCP and Server to the new Real Server
  • Public Service: Add the new rule to the sni frontend

I get only the 503 Service Unavailable

Quote from: dMopp on May 07, 2024, 12:39:37 pm
Thanks for the great tutorial.

Is there a way to exclude the HTTPS force for specific Backends? (Based on the tutorial here). Background: For HomeAssistant and stupid IoT devices, I need to have my HA instance reachable over http, too (with a different domain at least so I can firewall it a lot :D)

3
Tutorials and FAQs / Re: Tutorial 2024/02: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: May 21, 2024, 02:40:29 pm »
Quote from: dMopp on May 17, 2024, 10:01:43 am
Quote from: dMopp on May 07, 2024, 12:39:37 pm
Thanks for the great tutorial.

Is there a way to exclude the HTTPS force for specific Backends? (Based on the tutorial here). Background: For HomeAssistant and stupid IoT devices, I need to have my HA instance reachable over http, too (with a different domain at least so I can firewall it a lot :D)
Ping

If I understand what you are after, this is explained in FAQ 6. However, having tried it myself I also cannot get it to work.
Quote
How can we load balance TCP traffic that we don't want to get SSL offloaded, e.g. OpenVPN over TCP?
In my tutorial I only explain how to "redirect+load balance SSL offloaded traffic".
This is because I myself don't have (yet) the need to actually load balance any non SSL traffic.
However balancing non SSL traffic is pretty much the same as balancing SSL traffic.
You only have to make sure that your "NOSSLservice_rule" or "NOSSLservices_mapfile_rule" is placed on the "SNI_frontend" instead of the "HTTPS_frontend" and that the backend that belongs to your "NOSSLservice_server" is running in TCP mode.
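The arrangement FAQ 6 describes, and that the steps in the post above try to build through the OPNsense GUI, written out as the raw HAProxy configuration it generates. This is an added illustration, not the tutorial's or the plugin's own output; the map file path, the "HTTPS_backend" name, the listening ports and the 192.0.2.10:8443 server address are assumed placeholders, and the map key format (first DNS label of the SNI) is an assumption that matches the "nossl   NOSSL_backend" line in the post.

```haproxy
# Assumed map file /usr/local/etc/haproxy/NOSSL_PUBLIC_SUBDOMAINS.map
# (one line, as in the post): first DNS label of the SNI -> backend name
#   nossl   NOSSL_backend

# The public SNI frontend runs in TCP mode: it peeks at the TLS ClientHello,
# reads the server name, and picks a backend without terminating TLS.
frontend 0_SNI_frontend
    bind *:443
    mode tcp
    # Buffer the first bytes until the ClientHello has arrived, then continue
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # "nossl.example.com" -> "nossl" -> "NOSSL_backend"; a map miss returns
    # nothing, so the rule is skipped and default_backend applies
    use_backend %[req.ssl_sni,lower,field(1,.),map_str(/usr/local/etc/haproxy/NOSSL_PUBLIC_SUBDOMAINS.map)]
    # Everything else goes to the SSL-offloading path of the tutorial (assumed name)
    default_backend HTTPS_backend

# Per FAQ 6 the non-offloaded backend must also be in TCP mode: the TLS
# session is passed through untouched, so the real server must speak TLS itself.
backend NOSSL_backend
    mode tcp
    server NOSSL_server 192.0.2.10:8443 check

# Plain HTTP never carries an SNI (there is no TLS handshake), so a request to
# http://nossl.example.com can never match the map above; it lands on the
# port 80 frontend, whose only job in the tutorial layout is the HTTPS redirect.
frontend HTTP_frontend
    bind *:80
    mode http
    http-request redirect scheme https code 301
```

The mode line on the backend is the check worth making first when a 503 appears: a backend left in HTTP mode receives the raw TLS bytes of a passed-through connection and cannot parse them as a request.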

4
General Discussion / Re: WebGUI access from WAN??
« on: March 15, 2020, 10:42:53 pm »
Try disabling reply-to on WAN rules (Firewall > Settings > Advanced)

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved