Messages - Lowrider614

#1
Hello,
I have nginx set up as a reverse proxy with SSL and that works. When I enter the domain to my Home Assistant docker running on my Synology NAS on port 8123, I get a "400: Bad Request" error.

Does anyone have some screenshots for me on how to set up nginx so I can access Home Assistant?

Thanks!

Tim
#2
This solution works.
Thanks!
#3
You have been a great help, thanks again!

What did the trick for me at the moment was to set a default backend. Now it works.
I will test that setup with my other services on different ports and will let you know here if I am successful or not.

That tutorial is a lot to read and a lot of things won't be necessary for me, but to understand what's possible it will be a great study.

Thanks again, I am marking this topic as solved.
#4
I think you have already given me a very good hint where my problem might be. But I don't see my forward, maybe you can help me again.
I guess, the problem arises from the setting "Type" that I am using on my Public Services Frontend.

First of all, I have one Public Service only, as I was just going through one of the numerous online tutorials to set up HAProxy. There SSL on port 443 is used only and one public service seems to be enough.
You seem to have two Public Services. One called 0_SNI_Frontend and one called 1_HTTPS_Frontend. Both are listening on different addresses and I assume, have different Types set as well?

Would you mind explaining that setup a little deeper? I think that is what I will need to achieve my target. Or does the link you provided earlier explain that in detail? Then I will deep dive into that long tutorial.

Thanks a lot!
Tim
#5
Thanks for your reply!

I know that HAProxy can be used to separate different incoming URLs on Port 443, but the Port 5001 is just a test for others to come.
Synology Apps use different ports for different services and those ports are set up as standard in those apps. Now I could reconfigure them in my own phone, but explain that to my wife, children, housemates etc.
This is why I want other ports than 443 and 80 to work.
The reason I use HAProxy is mainly, that I can maintain all the SSL certificates in one place and do not have to do this at all the different places in my network.

So is using a different port than 443 and 80 possible with HAProxy or do I need a different plugin?
Best regards
Tim
#6
Hello,
I seem to be lost here.

I am running a Synology NAS whose web interface is to be reached via HTTPS on port 5001. LAN access works fine.

If I set up HAProxy Public Service to listen on port 443 with the respective certificate (SSL offloading) and forward headers, I can reach my Synology NAS.
If I change the listening port to 5001 (that is the only change in the whole setup) I get a "503 Service Unavailable No server is available to handle this request." error.
Incoming firewall rules are defined for port 443 and port 5001 respectively. I just cloned the 443 rule and changed the port.

If the listening port is set to 443 and I try to access port 5001, the request times out for HTTP and HTTPS. So nothing else seems to be listening on that port and protocol. I tried with port 4952 (just to choose another random port) but the result stays the same.

I am missing something for sure, would you point me in the right direction please?

Thanks!
Tim
#7
Thanks, sounds like a good idea. I will give it a try.
One question: Why not make the same approach for IPv4? Shouldn't it work the same way?
I just like to keep things simple, so having the same scheme for IPv4 and IPv6 will allow my stupid brain to realize quickly in a couple of months why I did that this way.
#8
Hello,

I just switched from Sophos UTM to OPNsense so I am still new to OPNsense.

I would like to understand what is best practice to create firewall rules in OPNsense in the following scenario.

One WAN interface
Four VLANs to separate my network
IPv4 and IPv6 enabled and running on all interfaces and (sub)nets

Target:
Allow internet access from the different internal subnets to the internet without allowing inter VLAN traffic.
Have as few firewall rules as possible for that.

In Sophos there is an object called "Internet" that you can use instead of "any" and by changing the standard Any -> any rule it is achieved what I want.

After reading through here https://forum.opnsense.org/index.php?topic=28447 I guess it's not that easy in OPNsense.

Hoping for tips and already thanking you in advance,

Tim