Web Proxy Filtering and Caching / problem with the load-balancing of HAProxy into OPNsense
« on: March 26, 2021, 02:55:19 am »
Good evening, everyone,
I hope everybody is safe and in a good mood!
I was looking for a similar issue but couldn't find a match, so I apologize if I am repeating an issue. Also, I have realised that most of the available manuals, even the official OPNsense HAProxy ones, show the old interface, which is giving even more trouble for the issue.
I am trying to implement HAProxy as an add-on on an OPNsense firewall.
In my DMZ I have two identical CentOS servers with identical web pages (Apache), with IPs 192.168.100.50 and 192.168.100.100. Access to them from the WAN over :80 is granted with a port-forwarding rule on the firewall.
Here's a link to the screenshots from opnsense - https://matrixcollegeca0-my.sharepoint.com/:f:/g/personal/agrozdanov_matrixcollege_ca/Enf3i5QhXz1GqTf75f1Jy2EBTGHcRJr_NMqIPaeFhW7Vxw?e=MV8CNg.
There you will also see my port-forwarding and firewall-related rules.
I have assumed I might need a "virtual" IP address for the load balancer itself, 192.168.100.10:443, so I have put it into the Public Services section of HAProxy. I did it thinking about how I would have done it if I had introduced HAProxy on a separate PC, but I might be wrong ...
Also, I noticed that using anything other than 127.0.0.1 as the Public Service Listen Address will not allow the HAProxy service to start (see the top-left corner of the screenshots, and 06.png), even though the "Test syntax" is done without any errors....
If I use 127.0.0.1:443 as the Public Service Listen Address and change the port-forwarding rule accordingly, I see the administrative web interface of the firewall in the web browser, so I am pretty sure there is supposed to be a way to "translate" it to an internal, virtual IP ...
Please give a hand with this issue.
Thank you, and Best Regards,
Asen