"
Hi thank you for this great tutorial, but on my OPNsense i can not figure it out why it isnt working. I tried to use everything 1:1 but i can not reache my service outside my network. I pasted my config down below. When i test everything i get no connection.
The Log files tell me that the HAProxy works but something else not, so i can not reache to my subdomains. When i put the ip address of the router in the browser tab i get a error message that no server is available under this address (i didnt add the router ip as a real server) But i can not reache to my services. When i type service_name.mydomain.com i get no error or connection even when i put the ip address in the sarchbar.
The Log files tell me that the HAProxy works but something else not, so i can not reache to my subdomains. When i put the ip address of the router in the browser tab i get a error message that no server is available under this address (i didnt add the router ip as a real server) But i can not reache to my services. When i type service_name.mydomain.com i get no error or connection even when i put the ip address in the sarchbar.
Code Select
#
# Automatically generated configuration.
# Do not edit this file manually.
#
global
uid 80
gid 80
chroot /var/haproxy
daemon
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
nbthread 4
hard-stop-after 60s
no strict-limits
maxconn 10000
tune.ssl.ocsp-update.mindelay 300
tune.ssl.ocsp-update.maxdelay 3600
httpclient.resolvers.prefer ipv4
tune.ssl.default-dh-param 4096
spread-checks 2
tune.bufsize 16384
tune.lua.maxmem 0
log /var/run/log local0 info
lua-prepend-path /tmp/haproxy/lua/?.lua
defaults
log global
option redispatch -1
maxconn 5000
timeout client 30s
timeout connect 30s
timeout server 30s
retries 3
default-server init-addr last,libc
default-server maxconn 5000
# autogenerated entries for ACLs
# autogenerated entries for config in backends/frontends
# autogenerated entries for stats
# Frontend: 0_SNI_frontend (Listening on 0.0.0.0:80 ; 0.0.0.0:443)
frontend 0_SNI_frontend
bind 0.0.0.0:80 name 0.0.0.0:80
bind 0.0.0.0:443 name 0.0.0.0:443
mode tcp
default_backend SSL_Backend
# logging options
# Frontend: 1_HTTP_frontend (Listening on 192.20.20.1:80)
frontend 1_HTTP_frontend
bind 192.20.20.1:80 name 192.20.20.1:80 accept-proxy
mode http
option http-keep-alive
option forwardfor
# logging options
# ACL: NoSSL_condition
acl acl_66c05db3462366.82815483 ssl_fc
# ACTION: HTTPtoHTTPS_rule
http-request redirect scheme https code 301 if !acl_66c05db3462366.82815483
# Frontend: 1_HTTPS_frontend (Listening on 192.20.20.1:443)
frontend 1_HTTPS_frontend
http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
bind 192.20.20.1:443 name 192.20.20.1:443 accept-proxy ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/668a7ba3dc2070.92150850.certlist
mode http
option http-keep-alive
option forwardfor
timeout client 15m
# logging options
# ACTION: PUBLIC_SUBDOMAINS_rule
# NOTE: actions with no ACLs/conditions will always match
use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/668ae413c58075.52158060.txt)]
# Backend: SSL_Backend ()
backend SSL_Backend
# health checking is DISABLED
mode tcp
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
server SSL_Server 192.20.20.1 send-proxy-v2 check-send-proxy
# Backend: JELLYFIN_Backend ()
backend JELLYFIN_Backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
server JELLYFIN_Server 172.17.10.24:8096 ssl verify none
# statistics are DISABLED
