Messages - jackbrenn

#1
I've had a look at the software.

I must admit I'm a little confused. Maybe I have to configure it from the command line?

As an example.
I configure a single website.

Virtual Server
Enabled: Yes
ServerName: mydomain.com
Port: 443

Locations
Enabled: Yes
Virtual Server: mydomain.com:443
Type: Proxy Pass
Path: /
Remote Destination: https://192.168.1.5

Outcome: Works great!

I add another website

Virtual Server
Enabled: Yes
ServerName: coolsite.com
Port: 443

Locations
Enabled: Yes
Virtual Server: coolsite.com:443
Type: Proxy Pass
Path: /
Remote Destination: https://192.168.1.6

This doesn't seem to work?

Initially I got an error, that only a single Location can have the "/" path specified. However, now I can add new Locations with the "/", but they are only visible in the config file. They are not visible in the GUI. It also breaks the configuration.

I have no doubt I've misunderstood something, but I'm just throwing this out here in case it's easy to understand what I'm doing wrong.
#2
Very interesting, and thanks for the reply.

I'll get it installed and have a look at it within a few days. SNI would work extremely well for me.
#3
Hi,

At the moment, I have around 8 web servers behind HAProxy, with rules and conditions sending packets where they need to go.

I have TLS on both HAProxy and the destination servers.

Example:

https://domain.io > webserver0:443
https://service1.domain.io > webserver1:443
https://service2.domain.io > webserver2:443
https://service3.domain.io > webserver3:443
https://service4.domain.io > webserver4:443
https://service4.domain.io > webserver5:443

If you visit https://service1.domain.io then HAProxy routes you to Webserver1 and so on. This works extremely well.

So to add WAF I've been looking at the OPNWaf plugin. Does the OPNWaf support a configuration like this?

I've been reading the documentation, but it seems it might only support multiple webservers if they all have different locations /service1, /service2 and so on. Rather than routing based on hostname alone?

https://docs.opnsense.org/vendor/deciso/opnwaf.html