
Messages - christian_domes

#1
General Discussion / HaProxy 503 Service Unavailable
November 25, 2022, 10:26:13 AM
Hello
I set up HAProxy version 3.12, but it doesn't work.
I used this tutorial: https://forum.opnsense.org/index.php?topic=23339.0
Can somebody help me?

HaProxy logs:
2022-11-25T10:15:47 Informational haproxy 92.255.85.173:58621 [25/Nov/2022:10:15:47.935] 0_SNI_frontend SSL_backend/SSL_server 1/0/44 0 -- 1/1/0/0/0 0/0
2022-11-25T10:15:47 Error haproxy 92.255.85.173:58621 [25/Nov/2022:10:15:47.935] 1_HTTPS_frontend/127.4.4.3:443: SSL handshake failure
2022-11-25T10:15:00 Informational haproxy 127.0.0.1:44163 [25/Nov/2022:10:15:00.452] 0_SNI_frontend SSL_backend/SSL_server 1/0/23 4610 -- 1/1/0/0/0 0/0
2022-11-25T10:15:00 Error haproxy 127.0.0.1:44163 [25/Nov/2022:10:15:00.474] 1_HTTPS_frontend~ 1_HTTPS_frontend/<NOSRV> -1/-1/-1/-1/0 0 0 - - PR-- 2/1/0/0/0 0/0 "<BADREQ>"
2022-11-25T10:08:54 Informational haproxy 10.0.2.1:49118 [25/Nov/2022:10:08:54.550] 0_SNI_frontend SSL_backend/SSL_server 1/0/1 91 -- 1/1/0/0/0 0/0
2022-11-25T10:08:54 Informational haproxy 10.0.2.1:49118 [25/Nov/2022:10:08:54.550] 1_HTTP_frontend 1_HTTP_frontend/<NOSRV> 0/-1/-1/-1/0 301 98 - - LR-- 2/1/0/0/0 0/0 "GET / HTTP/1.1"
2022-11-25T10:08:25 Informational haproxy 78.104.49.67:54540 [25/Nov/2022:10:08:25.272] 0_SNI_frontend SSL_backend/SSL_server 1/0/35 91 -- 1/1/0/0/0 0/0
2022-11-25T10:08:25 Informational haproxy 78.104.49.67:54540 [25/Nov/2022:10:08:25.278] 1_HTTP_frontend 1_HTTP_frontend/<NOSRV> 0/-1/-1/-1/0 301 98 - - LR-- 2/1/0/0/0 0/0 "GET / HTTP/1.1"
2022-11-25T10:08:05 Error haproxy 78.104.49.67:34626 [25/Nov/2022:10:08:02.686] 1_HTTPS_frontend~ server1_backend/server1_server 0/3167/-1/-1/3168 503 217 - - SC-- 2/1/0/0/3 0/0 "GET https://server1.cdomes.at/ HTTP/2.0"
2022-11-25T10:05:00 Informational haproxy 127.0.0.1:14392 [25/Nov/2022:10:05:00.240] 0_SNI_frontend SSL_backend/SSL_server 1/0/14 4611 -- 1/1/0/0/0 0/0
2022-11-25T10:05:00 Error haproxy 127.0.0.1:14392 [25/Nov/2022:10:05:00.253] 1_HTTPS_frontend~ 1_HTTPS_frontend/<NOSRV> -1/-1/-1/-1/0 0 0 - - PR-- 2/1/0/0/0 0/0 "<BADREQ>"
2022-11-25T09:55:00 Informational haproxy 127.0.0.1:46781 [25/Nov/2022:09:55:00.272] 0_SNI_frontend SSL_backend/SSL_server 1/0/13 4611 -- 1/1/0/0/0 0/0
2022-11-25T09:55:00 Error haproxy 127.0.0.1:46781 [25/Nov/2022:09:55:00.284] 1_HTTPS_frontend~ 1_HTTPS_frontend/<NOSRV> -1/-1/-1/-1/0 0 0 - - PR-- 2/1/0/0/0 0/0 "<BADREQ>"
2022-11-25T09:53:29 Error haproxy 45.156.242.189:60252 [25/Nov/2022:09:52:55.993] 0_SNI_frontend SSL_backend/SSL_server 1/0/33306 722 cD 2/1/0/0/0 0/0



This is my config:
#
# Automatically generated configuration.
# Do not edit this file manually.
#

# Process-wide settings: privilege drop, chroot, runtime API socket, TLS/Lua tuning and logging.
global
    # Run the proxy as uid/gid 80.
    uid                         80
    gid                         80
    # Confine the running process's filesystem view to /var/haproxy.
    chroot                      /var/haproxy
    daemon
    # Runtime API socket at "level admin": a client of this socket can change server state,
    # maps and other live settings. Mode 775 gives write access to the owner and the
    # "proxy" group only, so membership of that group is effectively admin access to HAProxy.
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    # One process with four threads.
    nbproc                      1
    nbthread                    4
    # On a soft stop/reload, an old process is forced to exit after 60s.
    hard-stop-after             60s
    # Start even if the requested resource limits cannot be applied.
    no strict-limits
    maxconn                     10000
    # DH parameter size used for DHE key exchange (the HTTPS bind below offers one DHE-RSA cipher).
    tune.ssl.default-dh-param   4096
    spread-checks               2
    tune.bufsize                16384
    # 0 = no memory cap for Lua.
    tune.lua.maxmem             0
    # Log to the local syslog socket with facility local0.
    log                         /var/run/log local0
    # NOTE(review): Lua modules are searched under /tmp/haproxy/lua. No lua-load line is visible
    # in this config, but that directory should be writable only by the config generator,
    # because anything loaded from it runs inside the proxy process. Verify its permissions.
    lua-prepend-path            /tmp/haproxy/lua/?.lua

# Defaults inherited by every frontend/backend below unless overridden there.
defaults
    log     global
    # Redispatch to another server on the last retry. Each backend here has a single server,
    # so there is nowhere else to redispatch to.
    option redispatch -1
    maxconn 5000
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    # Up to 3 connection retries before the request fails (a failed connect then yields a 503).
    retries 3
    # Resolve server addresses at startup from the last known state first, then via libc.
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: 0_SNI_frontend ()
# Public TCP entry point. Everything arriving on ports 80 and 443 is passed, unparsed,
# to SSL_backend. No SNI inspection or ACLs are configured in this section despite the name.
frontend 0_SNI_frontend
    # Bound on all interfaces: which networks can reach these ports is decided by the
    # firewall rules, not by HAProxy.
    bind 0.0.0.0:443 name 0.0.0.0:443
    bind 0.0.0.0:80 name 0.0.0.0:80
    mode tcp
    default_backend SSL_backend
    # tuning options
    timeout client 30s

    # logging options
    # Errors are logged at a separate (higher) level from normal connections.
    option log-separate-errors
    option tcplog

# Frontend: 1_HTTP_frontend ()
# Loopback-only plain-HTTP listener whose only job is to redirect to HTTPS.
frontend 1_HTTP_frontend
    # accept-proxy makes HAProxy take the client address from the PROXY protocol header.
    # That header is trusted as-is, so this listener must stay reachable only by the local
    # SSL_backend hop. Binding to 127.4.4.3 (loopback) does that.
    bind 127.4.4.3:80 name 127.4.4.3:80 accept-proxy
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    option httplog
    # ACL: NoSSL_condition
    # ssl_fc is true when the client connection used TLS. The bind above has no "ssl"
    # keyword, so on this frontend it is always false.
    acl acl_637dfb2d6b6bf6.08018343 ssl_fc

    # ACTION: HTTPtoHTTPS_rule
    # Negated ACL: every request reaching this frontend gets a 301 redirect to https.
    http-request redirect scheme https code 301 if !acl_637dfb2d6b6bf6.08018343

# Frontend: 1_HTTPS_frontend ()
# Loopback-only TLS terminator. It decrypts traffic handed over by SSL_backend and picks
# the backend from the Host header via a map file.
frontend 1_HTTPS_frontend
    # HSTS for about six months (15768000 s). "includeSubDomains; preload" commits every
    # subdomain of the served host to HTTPS and is slow to undo once browsers have cached it.
    http-response set-header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    # TLS policy: SSLv3/TLS 1.0/TLS 1.1 disabled, session tickets off, AEAD ciphers only,
    # and secp384r1 as the only curve. Clients that cannot negotiate that curve or these
    # ciphers will fail the handshake.
    # accept-proxy: the client address comes from the PROXY header, so this listener must
    # stay reachable only from the local SSL_backend hop (it is bound to loopback 127.4.4.3).
    bind 127.4.4.3:443 name 127.4.4.3:443 accept-proxy ssl curves secp384r1  no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/637f3c69b94cf9.63237305.certlist
    mode http
    option http-keep-alive
    # Appends X-Forwarded-For with the client address. A client-supplied X-Forwarded-For is
    # not removed by this option, so backends should trust only the entry HAProxy appended.
    option forwardfor
    # tuning options
    timeout client 15m

    # logging options
    option log-separate-errors
    option httplog

    # ACTION: PUBLIC_SUBDOMAINS_map-rule
    # NOTE: actions with no ACLs/conditions will always match
    # The Host header is client-controlled. The map file acts as the allowlist of names that
    # may reach a backend. This section has no default_backend, so a Host that matches no
    # map entry gets no server (logged as <NOSRV>).
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/637dfb769726c4.73007068.txt)]

# Backend: SSL_backend ()
# Internal TCP hop from the public frontend to the loopback HTTP/HTTPS frontends.
backend SSL_backend
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    # No port is given, so the connection goes to the same port the client connected to
    # (80 or 443). send-proxy-v2 passes the real client address on to the loopback
    # frontends, which accept it via accept-proxy. check-send-proxy only affects health
    # checks, and no "check" keyword is present on this line.
    server SSL_server 127.4.4.3 send-proxy-v2 check-send-proxy

# Backend: UNRAID_backend ()
# HTTP backend with a single server, reached over TLS.
backend UNRAID_backend
    # health checking is DISABLED
    # With no health check, an unreachable server is only noticed per request (as a 503).
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    # NOTE(review): port 433 looks like a typo for 443. Confirm which port the server
    # actually listens on.
    # "ssl verify none" encrypts the hop but does not authenticate the server: any host
    # answering on this address is accepted. To verify it, use
    # "verify required ca-file <PATH_TO_CA_BUNDLE>" (placeholder path).
    server UNRAID_server 10.0.1.1:433 ssl verify none

# Backend: server1_backend ()
# HTTP backend with a single server, reached over TLS. This is the backend named in the
# 503 log entry above.
backend server1_backend
    # health checking is DISABLED
    # With no health check, an unreachable server is only noticed per request (as a 503).
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    # NOTE(review): port 433 looks like a typo for 443. The logged 503 for
    # server1_backend/server1_server has termination state SC--, connect time -1 and
    # 3 retries, which is consistent with nothing accepting connections on 10.0.2.1:433.
    # Confirm the server's real listening port.
    # "ssl verify none" encrypts the hop but does not authenticate the server: any host
    # answering on this address is accepted. To verify it, use
    # "verify required ca-file <PATH_TO_CA_BUNDLE>" (placeholder path).
    server server1_server 10.0.2.1:433 ssl verify none



# statistics are DISABLED


#2
@theHellSite
Hello
When I override the DNS server, will HAProxy still be used or not?
#3
I solved the problem. My oinkcode was also wrong.
#4
Yeah i know
#5
Hello
When I click install in Suricata, the Snort rules are not downloaded.
The download link is wrong. How can I change this?

Wrong: https://www.snort.org/rules/snortrules-snapshot-31110.tar.gz?oinkcode=7a099868e818b5f8c4fd52d4842ded4c3d8c0f39

Right: https://www.snort.org/downloads/registered/snortrules-snapshot-31110.tar.gz?oinkcode=7a099868e818b5f8c4fd52d4842ded4c3d8c0f39

You can see the log in the attachment.
#6
General Discussion / Opnvpn no access to my lan
September 20, 2021, 05:58:51 PM
Hello
I set up OpenVPN on my OPNsense. I can connect to the VPN and can also access OPNsense (10.1.1.1), but I have no access to the rest of my LAN. Can somebody help me, please? Just tell me what information you need.
Thanks!
#7
I solved the problem.
A wrong PPPoE configuration was the issue.
#8
Hello
I have a problem.
I have OPNsense in a VM on Unraid. Unraid and OPNsense both work.
But when I connect the WAN port, both OPNsense and Unraid become unreachable. Then I have to restart my server.