Messages - carlo_gra

#1
24.7, 24.10 Legacy Series / Haproxy and Cloudfront
October 29, 2024, 07:21:46 AM
I've successfully set up HAProxy on OPNsense with one frontend and a few rules to correctly forward traffic to backend pools (I have two for two different services).

Everything is working properly except CloudFront, which is used as a CDN for a WordPress website (just for images, CSS and JS).

The main domain points directly to HAProxy, the cdn subdomain points to CloudFront.
The mail domain is also set as "origin" for CloudFront.

When I try to reach cdn.XXXX.TLD I get "502 Bad Gateway".
EDIT: I realized that I also get the same error from GTMetrix, while on the others (Pingdom, my browser, Google PageSpeed) everything seems OK.

The frontend uses SSL offloading. I also used SSL with both a wildcard and a specific domain.

Any suggestions?
#3
Most probably this issue was already solved by one of you, but I cannot find any post or docs.

Scenario:
OPNsense successfully configured with Web Filter that is working properly for LAN clients (transparent mode)
WireGuard successfully configured for external clients. I can connect and the entire traffic is routed through OPNsense

ISSUE:

If I want to route traffic for ports 80 and 443 through the web filter, when I try to navigate while connected to the VPN I get the "ACCESS denied" page and the URL is translated into an IP.

EXAMPLE:
URL: google.com

OUTPUT: ACCESS DENIED to https://123.123.123.123/*

The same request is managed correctly if made from the LAN.

Any idea on how to solve it?