Messages

1

24.7 Production Series / Re: Certificates - Import , allways self-signed error - HAProxy

« on: November 12, 2024, 08:59:56 pm »

Under trust -> authorities -> import your authoritie certificate    without the private key 

2

24.7 Production Series / Certificates - Import , allways self-signed error - HAProxy

« on: July 28, 2024, 02:13:51 am »

So I had issues with HAproxy that my wildcart cert chain was incomplete.

Tried to import the autority chain cert , but figured out that the new 24.7_5   version makes all imported certs self-signed.   

The previous version opnsense could import correct cert (external)

3

Web Proxy Filtering and Caching / [HAPROXY] websocket upgrade

« on: May 28, 2022, 02:51:09 am »

So I have my HAPROXY working,  but meshcentral and camera systems need modern https websocket support. 

I found out I need to add some ACL to my config.   
https://github.com/opnsense/plugins/issues/2717

 # ACL: Websocket_Upgrade
    acl acl_61bfe65d4066b0.98106842 hdr(Connection) -i Upgrade
    # ACL: Websocket
    acl acl_61bfe67f211b51.96043088 hdr(Upgrade) -i WebSocket
    # ACL: Websocket_WS
    acl acl_61c0e62bc10459.22208791 hdr_beg(host) -i ws
    # ACL: Emby_Webserver
    acl acl_5e811fc593d624.87923872 hdr_sub(host) -i example.com

Problem is ,  I do not know how to do this with the OPNsense haproxy gui ?   
Looks like adding some rule because in the example there are multiple ACL_nrs   for the same service. 

But I dont understand how to do this in the GUI,   and I cannot just create some random  acl_nrs ?