Messages - myg63

1
Tutorials and FAQs / Re: How to use haproxy "replace-path" http-request function
« on: February 14, 2024, 10:50:21 pm »
Does anyone have an idea?

2
Tutorials and FAQs / How to use haproxy "replace-path" http-request function
« on: November 08, 2023, 04:22:45 pm »
Hello @all,
I'm using haproxy for several backend pools with ssl offload which is working fine when I use domains which go thru rules into these backends.
Now I want to use the well documented feature of "redirecting" paths.

So for example a request to "https://test.domain.com/app1" should be redirected to a backend without the path but still preserving the rest of the path.
It can be used by adding a backend rule "http-request replace-path /xxxx(/)?(.*) /\2" where xxxx is the "virtual" directory.
This feature is documented in https://www.haproxy.com/blog/path-based-routing-with-haproxy

Please can anyone give advice how to use that feature in opnsense's haproxy implementation?
I'm using latest version 23.7.6
Thanks @all in advance from Germany...
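
Added example, not part of the original post and not OPNsense or HAProxy code: a Python model of the posted rewrite rule with `app1` as the virtual directory, showing which request paths the pattern rewrites before it is put on a backend. It assumes HAProxy replaces the whole path with the format string whenever the pattern matches anywhere in the path; `ANCHORED`, `replace_path`, `compare` and the sample paths are constructed for illustration.

```python
import re

# Pattern and format from the post, with xxxx = app1.
POSTED = r"/app1(/)?(.*)"
FMT = r"/\2"
# Assumed stricter variant (not from the post): anchored at both ends, and
# the prefix must be followed by "/" or the end of the path. \2 is still
# the remainder, so the same format string applies.
ANCHORED = r"^/app1(/(.*))?$"

def replace_path(path, pattern, fmt=FMT):
    """Model of replace-path on the path component only (no query string).

    Assumption: on a match anywhere in the path, the whole path becomes
    fmt with \\N expanded; without a match the path is left unchanged.
    """
    m = re.search(pattern, path)
    if m is None:
        return path
    # Expand \1..\9; a group that did not participate expands to "".
    return re.sub(r"\\(\d)", lambda g: m.group(int(g.group(1))) or "", fmt)

# Constructed sample request paths.
SAMPLES = [
    "/app1",               # bare virtual directory
    "/app1/css/site.css",  # intended case: strip the prefix, keep the rest
    "/app10/x",            # different application sharing the prefix
    "/other/app1/admin",   # prefix appears deeper in the path
]

def compare(paths=SAMPLES):
    """Return (path, result with POSTED, result with ANCHORED) rows."""
    return [(p, replace_path(p, POSTED), replace_path(p, ANCHORED))
            for p in paths]

if __name__ == "__main__":
    for path, loose, strict in compare():
        print(f"{path:22} posted -> {loose:16} anchored -> {strict}")
```
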

3
Virtual private networks / Re: how to bind host from remote vpn ipsec network to local haproxy
« on: February 24, 2021, 08:24:36 pm »
Thank you. That did the trick. No firewall rules needed - thank god  ;)

I did on each side:

1. System -> Gateways -> Single
-> Add a Gateway. Leave all Fields default. Type a name like "Firewall_Myself" and use the LAN IP Address as "IP Address"
2. System -> Routes -> Configuration
-> Add a Network Address like 192.168.111.0/24 which is the remote LAN of the other Network "behind" the tunnel.  Select the local Gateway from (1)

Works great!

Case solved

4
Virtual private networks / Re: how to bind host from remote vpn ipsec network to local haproxy
« on: February 22, 2021, 11:32:56 am »
Hello guys.
I updated my original post and made an illustration. Does anyone have an idea why I cannot ping the other side from the local OPNSense?

5
Virtual private networks / [solved] how to bind host from remote vpn ipsec network to local haproxy
« on: February 16, 2021, 12:03:05 pm »
Hello, my first post here.

I have two opnsense A and B running with fixed IP addresses and VPN ipsec net-to-net. The tunnels are running well with IPv4 tunnel. I can access all machines from one network A to the other network B. Also I have some web-services behind the haproxy in network B with let's encrypt ACME which is running well also and is available from internet.

What I'm trying to do: have a "server A" with a webservice in network A (behind firewall) and want to access this webservice as a "real server" from haproxy B. That does not work. When I go by using SSH onto OPNSense B and try to ping this (Server A) address - it is NOT reachable. Other addresses in network A are also NOT reachable by ping from firewall. Is that normal? There is just "no response" from the other side when pinging from firewall itself.


Server A with Webservice (192.168.112.112:80)
Network A (192.168.112.0/24)
   |
   |
OPNSense A (LAN 192.168.112.1)
   |
   |
VPN Internet
   |
   |
haproxy B
OPNSense B  (LAN 192.168.111.1)
   |
   |
Network B (192.168.111.0/24)


Open SSH session to OPNSense B:

root@ext-firewall:~ # ping 192.168.112.112
PING 192.168.112.112 (192.168.112.112): 56 data bytes
^C
--- 192.168.112.112 ping statistics ---
7 packets transmitted, 0 packets received, 100.0% packet loss


So it seems that the route does NOT go thru the IPv4 tunnel when accessed from the local firewall, or maybe it is blocked by a firewall rule.

When I ping that host with webservice in network A from another host in network B that is possible and also I can access that webservice on host in network A from a browser in network B.

What must be configured to get this connection from haproxy in firewall B to reach a service behind firewall A - routed by IPV4 tunnel?

Thank you in advance
