Messages - High3lander

#1
20.7 Legacy Series / HAProxy Config and Firewall Rule
January 28, 2021, 10:21:56 AM
I have a big problem with HAProxy, and I need your help.

I would like to manage several domains on a server behind the firewall with the HAProxy. Either my firewall rules are incorrect, or I have errors in the configuration of the HAProxy.

I forward the traffic from port 80 to 3456 and from 443 to port 3457. I switched the firewall to 4433. Let's Encrypt is handled by the Jitsi Meet server with httpd, so it does not need to be in the firewall.

I read up on the topic for several hours in the forum and tested a lot. Nothing led to a result.

I also don't know whether I need a NAT rule or just need to adjust the WAN rule.

My WAN rules are:
Source WAN - Port 80 - Destination This Firewall - Port 3456 for HAProxy Public
Source WAN - Port 443 - Destination This Firewall - Port 3457 for HAProxy Public

Another question: what should the settings in Firewall - Settings - Advanced be for NAT?

My HAProxy config:

#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    # NOTE: Could be a security issue, but required for some feature.
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbproc                      1
    nbthread                    1
    maxconn                     5
    tune.ssl.default-dh-param   2048
    spread-checks               0
    tune.chksize                16384
    tune.bufsize                16384
    tune.lua.maxmem             0
    log /var/run/log local0 info

defaults
    log     global
    option redispatch -1
    maxconn 20
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats



# Frontend: Jitsi_Public_https (Jitsi_Public_https)
frontend Jitsi_Public_https
    bind 127.0.0.1:3456 name 127.0.0.1:3456
    bind 127.0.0.1:443 name 127.0.0.1:443
    mode http
    option http-keep-alive
    default_backend Jitsi_back
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    # ACL: Jitsi_Cond
    acl acl_600fb578589215.86852135 hdr_sub(host) -i name.name.domain (anonymized the domain)

    # ACTION: Jitsi_Rule
    http-request allow if acl_600fb578589215.86852135

# Frontend: Jitsi_Public (Jitsi_Public)
frontend Jitsi_Public
    bind 127.0.0.1:3457 name 127.0.0.1:3457
    bind 127.0.0.1:80 name 127.0.0.1:80
    mode http
    option http-keep-alive
    default_backend Jitsi_back
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    # ACL: Jitsi_Cond
    acl acl_600fb578589215.86852135 hdr_sub(host) -i name.name.domain (anonymized the domain)

    # ACTION: Jitsi_Rule
    http-request allow if acl_600fb578589215.86852135

# Backend: Jitsi_back (Jitsi_back)
backend Jitsi_back
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    # ACL: Jitsi_Cond
    acl acl_600fb578589215.86852135 hdr_sub(host) -i name.name.domain (anonymized the domain)

    # ACTION: Jitsi_Rule
    http-request allow if acl_600fb578589215.86852135
    http-reuse safe
    server Jitsi_real 192.168.99.67:80


Can you help me locate the problem?
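An added consistency check, not part of the post above or of OPNsense/HAProxy: it parses the frontend `bind` lines of the posted config and the WAN forwards as stated (80 to 3456, 443 to 3457), and reports which frontend each forwarded port actually lands on and whether that frontend terminates TLS. The config excerpt and the forward map are constructed from the post; the check assumes IPv4 `host:port` bind addresses and treats a bind as TLS-terminating only when it carries both `ssl` and `crt`.

```python
import re

# Constructed from the post: only the frontend/bind lines matter for this check.
HAPROXY_CFG = """
frontend Jitsi_Public_https
    bind 127.0.0.1:3456 name 127.0.0.1:3456
    bind 127.0.0.1:443 name 127.0.0.1:443
frontend Jitsi_Public
    bind 127.0.0.1:3457 name 127.0.0.1:3457
    bind 127.0.0.1:80 name 127.0.0.1:80
"""
# WAN rules as stated in the post: external port -> port the firewall hands it to.
WAN_FORWARDS = {80: 3456, 443: 3457}

def parse_frontends(cfg):
    """frontend name -> {'ports': bound ports, 'tls': a bind has 'ssl' and 'crt'}.
    Assumes IPv4 host:port (or :port) bind addresses, as in the posted config."""
    frontends, current = {}, None
    for raw in cfg.splitlines():
        line = raw.split('#', 1)[0].strip()   # HAProxy treats '#' as start of comment
        tokens = line.split()
        if len(tokens) > 1 and tokens[0] == 'frontend':
            current = tokens[1]
            frontends[current] = {'ports': set(), 'tls': False}
        elif current and tokens[:1] == ['bind']:
            m = re.match(r'bind\s+\S*?:(\d+)', line)
            if m:
                frontends[current]['ports'].add(int(m.group(1)))
            if 'ssl' in tokens and 'crt' in tokens:
                frontends[current]['tls'] = True
    return frontends

def check_forwards(cfg, forwards):
    """For each WAN port: which frontend its redirect target lands on and whether that
    frontend terminates TLS. 'flag' is True when a 443 forward lands on a non-TLS bind;
    a target port nobody listens on yields None."""
    frontends = parse_frontends(cfg)
    report = {}
    for wan_port, dst_port in forwards.items():
        hit = [name for name, f in frontends.items() if dst_port in f['ports']]
        if not hit:
            report[wan_port] = None
            continue
        name = hit[0]
        report[wan_port] = {'frontend': name, 'dst_port': dst_port,
                            'tls': frontends[name]['tls'],
                            'flag': wan_port == 443 and not frontends[name]['tls']}
    return report

for port, result in sorted(check_forwards(HAPROXY_CFG, WAN_FORWARDS).items()):
    print(port, '->', result)
```

With the posted config the 443 forward lands on `Jitsi_Public` (the plain-HTTP frontend on 3457) and no bind carries `ssl crt`, so the report flags it; the 80 forward lands on `Jitsi_Public_https`.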