Web Proxy Filtering and Caching / OPNSense, HAProxy for internal management interfaces
« on: May 24, 2021, 03:37:59 pm »
Hello!
I recently decided to overhaul my homelab, switching from pfSense to OPNSense and from Proxmox to ESXi (for relevant industry experience, and for fun of course).
I also wanted to expand my knowledge with tools I have less experience with, so I came up with a challenge for myself: use HAProxy to neatly organize internal management interfaces. Of course, this will not be exposed to the WAN, it will be locked in a management VLAN. Here's what I'm looking for:
Use https://internal.mydomain.org/esxi/alpha/ to access https://<IP of ESXi host>/
This allows me to provide proper certs using SSL offloading and make things look nice and tidy.
I've gotten about halfway there, but I've come into an issue I'm completely unsure how to solve. Here's the issue:
https://internal.mydomain.org/esxi/alpha/ -> redirects to https://internal.mydomain.org/ui/ (which obviously 503s)
https://internal.mydomain.org/esxi/alpha/ui/ -> redirects to https://internal.mydomain.org/esxi/alpha/ui/#/login. Shows the VMware ESXi login screen. Submitting anything in the login prompt (correct or incorrect credentials alike) prompts me to "Please refresh my browser".
Obviously, some of this funny business is strictly related to ESXi, but hopefully this setup is not overly contrived and can be solved.
My HAProxy config is at https://pastebin.com/Bnxq4AYB.
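A minimal HAProxy sketch of the prefix mapping described in the post, added here as an illustration; it is not the poster's pastebin configuration. The 192.0.2.x addresses, file paths and section names are placeholder assumptions, and it assumes an HAProxy version that provides `http-request replace-path`. It rewrites only the request path and root-relative `Location` headers, so absolute paths that the application emits in page content, scripts or cookies are not covered.

```haproxy
# Added illustration; addresses, paths and names are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend mgmt_https
    # Listen only on the management VLAN address, with the trusted certificate.
    bind 192.0.2.1:443 ssl crt /path/to/internal.mydomain.org.pem
    # /esxi/alpha -> /esxi/alpha/ so relative links resolve under the prefix.
    http-request redirect code 301 location /esxi/alpha/ if { path /esxi/alpha }
    use_backend esxi_alpha if { path_beg /esxi/alpha/ }

backend esxi_alpha
    # Strip the public prefix before the request reaches the host.
    http-request replace-path ^/esxi/alpha/(.*) /\1
    # Put the prefix back on root-relative redirects such as "Location: /ui/".
    http-response replace-header Location ^/(.*) /esxi/alpha/\1
    # Re-encrypt to the backend and verify its certificate against a pinned CA.
    server alpha 192.0.2.10:443 ssl verify required ca-file /path/to/esxi-ca.pem
```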