
Topics - dima1002

1
German - Deutsch / 2FA mit Haproxy für verschiedene Dienste
« on: August 13, 2024, 08:40:21 am »
Hi Leute,
ist es möglich, mit der OPNsense und HAProxy für verschiedene Dienste 2FA zu aktivieren? Ich habe gesehen, dass es so eine Funktion gibt, weiß aber nicht, ob man das z.B. dann auch für Nextcloud usw. einführen kann?
Wenn ja, wie geht das?
Danke :-)

2
German - Deutsch / Haproxy mit 2 Domains
« on: August 10, 2024, 11:07:03 am »
Hallo Leute,

ich habe einen HAProxy mit 2 Domains. Hier in meinem Beispiel mit

service.de und test-technik.de

Nun soll z.B. bei c.service.de das Zertifikat von service.de kommen, es kommt aber das von test-technik.de.
Warum?

Code: [Select]
# Do not edit this file manually.
#

global
    # Process-wide settings. HAProxy switches to uid/gid 80 and chroots into
    # /var/haproxy, so the running process has no root privileges.
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    # Runtime API on a UNIX socket. "level admin" allows every runtime command,
    # so whoever can open this socket can administer the proxy. Mode 775 gives
    # write access to the owner and to group "proxy" only.
    # NOTE(review): confirm who is a member of group "proxy".
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbthread                    6
    hard-stop-after             60s
    no strict-limits
    tune.ssl.ocsp-update.mindelay 300
    tune.ssl.ocsp-update.maxdelay 3600
    httpclient.resolvers.prefer   ipv4
    # DH parameter size for DHE key exchange; the cipher lists on the binds
    # below contain only ECDHE suites, so it is not exercised by them.
    tune.ssl.default-dh-param   2048
    spread-checks               2
    tune.bufsize                16384
    # 0 = no memory cap for Lua.
    tune.lua.maxmem             0
    # Log to the local syslog socket, facility local0, level info and above.
    log                         /var/run/log local0 info
    lua-prepend-path            /tmp/haproxy/lua/?.lua

defaults
    # Values inherited by every frontend and backend below unless overridden.
    log     global
    # -1: try another server only on the last retry.
    option redispatch -1
    # Client, connect and server timeouts are all 60 seconds.
    timeout client 60s
    timeout connect 60s
    timeout server 60s
    retries 3
    # Resolve server addresses at startup from the last known state first,
    # then through the system resolver.
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: Letsencrypt_80 ()
# Plain port-80 listener used for ACME HTTP-01 challenges.
frontend Letsencrypt_80
    bind 192.168.252.253:80 name 192.168.252.253:80
    mode tcp
    # Default and ACL-selected backend are the same, so every connection on
    # port 80 reaches the ACME helper whatever the path is.
    default_backend acme_challenge_backend

    # logging options
    # ACL: find_acme_challenge
    # NOTE(review): path_beg is an HTTP-level match inside a "mode tcp"
    # frontend; confirm HAProxy evaluates it here. No HTTP-to-HTTPS redirect
    # is configured on this port.
    acl acl_6546b7f7e92430.59551874 path_beg -i /.well-known/acme-challenge/

    # ACTION: redirect_acme_challenges
    use_backend acme_challenge_backend if acl_6546b7f7e92430.59551874

# Frontend: LetsEncrypt_service.de (LetsEncrypt_service.de)
# TLS-terminating HTTP frontend for the service.de hosts; routes by Host
# header, SNI or path to the backends defined further down.
frontend LetsEncrypt_service.de
    # HSTS is added to every response, including for all subdomains.
    http-response set-header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    # NOTE(review): frontend LetsEncrypt_test-technik.de further down binds the
    # same 192.168.252.253:443 with a different crt-list. With two listeners on
    # one address:port a connection may be accepted by either frontend, and the
    # certificate is then chosen from that frontend's crt-list only (its first
    # entry is the fallback when no entry matches the SNI, unless strict-sni is
    # set). That would explain c.service.de being answered with the
    # test-technik.de certificate. Likely fix: a single frontend on :443 whose
    # crt-list holds both certificates -- TODO confirm on the running system.
    bind 192.168.252.253:443 name 192.168.252.253:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/657480646e0916.14570670.certlist
    mode http
    option http-keep-alive

    # logging options
    # ACL: Cloud
    # NOTE(review): this is the only rule keyed on the TLS SNI instead of the
    # Host header. SNI is fixed per connection while Host is per request, so
    # the two can differ on a reused connection; hdr(host), as used by the
    # other ACLs, is the usual choice for routing in mode http.
    acl acl_6574814183df20.44437889 ssl_fc_sni c.service.de
    # ACL: Bitwarden
    acl acl_6574821b797e36.16475695 hdr(host) -i v.service.de
    # ACL: BItwarden Archiv
    acl acl_6574823ea51b23.44386971 hdr(host) -i archiv.service.de
    # ACL: invoice1
    acl acl_657481f7177426.76902867 hdr(host) -i invoice.service.de
    # ACL: find_acme_challenge
    acl acl_6546b7f7e92430.59551874 path_beg -i /.well-known/acme-challenge/
    # ACL: telefon
    acl acl_65ae234d52eaa2.85527754 hdr(host) -i telefon.service.de
    # ACL: Grommunino1
    acl acl_664c906453f702.68929731 hdr(host) -i mail.service.de
    # ACL: Keycloak
    # NOTE(review): matches /auth on any Host that no earlier rule claimed, so
    # Keycloak is reachable under every name that resolves to this frontend.
    # Consider combining it with a host condition.
    acl acl_668a627a78cb38.48749184 path_beg -i /auth
    # ACL: Autodiscover
    acl acl_657481df6faa20.35926111 hdr(host) -i autodiscover.service.de
    # ACL: Grommunino2
    # Same match as Grommunino1 above (mail.service.de).
    acl acl_66aa0b17cdf2b9.22616028 hdr(host) -i mail.service.de

    # use_backend rules are evaluated top to bottom; the first match wins.
    # ACTION: Cloud
    use_backend Cloud if acl_6574814183df20.44437889
    # ACTION: Bitwarden
    use_backend Bitwarden if acl_6574821b797e36.16475695
    # ACTION: BitwardenArchiv
    use_backend BitwardenArchiv if acl_6574823ea51b23.44386971
    # ACTION: invoice1
    use_backend invoice if acl_657481f7177426.76902867
    # ACTION: redirect_acme_challenges
    use_backend acme_challenge_backend if acl_6546b7f7e92430.59551874
    # ACTION: telefon
    use_backend telefon if acl_65ae234d52eaa2.85527754
    # ACTION: Mailserver
    use_backend Mail1 if acl_664c906453f702.68929731
    # ACTION: Keycloak
    use_backend Keycloak if acl_668a627a78cb38.48749184
    # ACTION: Mail2
    # mail.service.de is already taken by the Mail1 rule above, so in practice
    # only autodiscover.service.de reaches Mail2 through this rule.
    use_backend Mail2 if acl_657481df6faa20.35926111 || acl_66aa0b17cdf2b9.22616028
    # WARNING: pass through options below this line
    # The only bind of this frontend is an ssl bind, so ssl_fc is always true
    # here and this redirect never fires. No default_backend is set for hosts
    # that match no rule.
    redirect scheme https code 301 if !{ ssl_fc }

# Frontend: telefon_5222 ()
# Raw TCP pass-through on port 5222 to backend telefon5222; no TLS
# termination and no ACL are applied at the proxy.
frontend telefon_5222
    bind 192.168.252.253:5222 name 192.168.252.253:5222
    mode tcp
    default_backend telefon5222

    # logging options

# Frontend: telefon_5060 ()
# Raw TCP pass-through on port 5060 to backend telefon5060; no TLS
# termination and no ACL are applied at the proxy.
frontend telefon_5060
    bind 192.168.252.253:5060 name 192.168.252.253:5060
    mode tcp
    default_backend telefon5060

    # logging options

# Frontend: telefon_5061 ()
# Raw TCP pass-through on port 5061 to backend telefon5061; no TLS
# termination and no ACL are applied at the proxy.
frontend telefon_5061
    bind 192.168.252.253:5061 name 192.168.252.253:5061
    mode tcp
    default_backend telefon5061

    # logging options

# Frontend: Mailserver_8443 ()
# TCP listener on port 8443 that hands every connection to backend Mail2.
# NOTE(review): this frontend is "mode tcp" with no ssl on the bind, while
# backend Mail2 is declared "mode http" and inserts a cookie. Confirm the
# mode combination is accepted and that clients on 8443 send what Mail2
# expects to parse.
frontend Mailserver_8443
    bind 192.168.252.253:8443 name 192.168.252.253:8443
    mode tcp
    default_backend Mail2

    # logging options

# Frontend: LetsEncrypt_test-technik.de (LetsEncrypt_test-technik.de)
# TLS-terminating HTTP frontend for www.test-technik.de.
frontend LetsEncrypt_test-technik.de
    http-response set-header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    # NOTE(review): same address and port as frontend LetsEncrypt_service.de
    # above, but a different crt-list. A connection accepted by this listener
    # can only be answered with a certificate from this crt-list, whatever name
    # the client asked for (the first entry is the fallback unless strict-sni
    # is set). This is the likely reason service.de names sometimes receive the
    # test-technik.de certificate; one :443 frontend with both certificates in
    # its crt-list avoids the ambiguity -- TODO confirm on the running system.
    bind 192.168.252.253:443 name 192.168.252.253:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/66ad001d7bbba8.47335583.certlist
    mode http
    option http-keep-alive

    # logging options
    # ACL: find_acme_challenge
    acl acl_6546b7f7e92430.59551874 path_beg -i /.well-known/acme-challenge/
    # ACL: invoice2
    acl acl_66acf64f3d9ab6.26511269 hdr(host) -i www.test-technik.de

    # ACTION: redirect_acme_challenges
    use_backend acme_challenge_backend if acl_6546b7f7e92430.59551874
    # ACTION: invoice2
    use_backend invoice if acl_66acf64f3d9ab6.26511269
    # WARNING: pass through options below this line
    # Never fires: the only bind here is an ssl bind, so ssl_fc is always true.
    redirect scheme https code 301 if !{ ssl_fc }

# Backend: acme_challenge_backend (Added by ACME Client plugin)
# Forwards ACME challenge requests to the local helper on 127.0.0.1:43580.
backend acme_challenge_backend
    # health checking is DISABLED
    mode http
    # With a single server, source balancing and the stick table do not change
    # which server is chosen.
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    server acme_challenge_host 127.0.0.1:43580

# Backend: Cloud ()
# Selected by the frontend when the TLS SNI is c.service.de.
backend Cloud
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    # No "ssl" keyword: TLS ends at the proxy and the hop to 192.168.211.32 is
    # plain HTTP. No X-Forwarded-* header is set in this backend.
    # NOTE(review): confirm the application learns the original scheme and
    # client address some other way if it needs them.
    server Cloud 192.168.211.32:80

# Backend: invoice ()
# Used for invoice.service.de and www.test-technik.de; re-encrypts to
# 192.168.211.30:443.
backend invoice
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # WARNING: pass through options below this line
    # set-header replaces any X-Real-IP the client sent with the address the
    # proxy actually saw.
    http-request set-header X-Real-IP %[src]
    http-reuse safe
    # NOTE(review): "verify none" encrypts the hop but does not validate the
    # server certificate, so the proxy cannot tell the real server from another
    # host answering on that address. Prefer
    # "verify required ca-file <CA-BUNDLE-PATH>" (placeholder path).
    server invoice 192.168.211.30:443 ssl verify none

# Backend: Bitwarden ()
# Used for v.service.de.
backend Bitwarden
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    retries 3
    # WARNING: pass through options below this line
    # Overwrites any client-supplied X-Real-IP with the connecting address.
    http-request set-header X-Real-IP %[src]
    http-reuse safe
    # No "ssl" keyword: requests for this service cross the internal network to
    # 192.168.211.31:8080 unencrypted.
    # NOTE(review): for a password vault, consider TLS on this hop or make sure
    # the segment between proxy and server is trusted.
    server Bitwarden 192.168.211.31:8080

# Backend: BitwardenArchiv ()
# Used for archiv.service.de; re-encrypts to 192.168.211.73:443.
backend BitwardenArchiv
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    # NOTE(review): "verify none" means the server certificate is not checked;
    # prefer "verify required ca-file <CA-BUNDLE-PATH>" (placeholder path).
    server BitwardenArchiv 192.168.211.73:443 ssl verify none

# Backend: telefon ()
# Used for telefon.service.de; re-encrypts to 192.168.211.5:443.
backend telefon
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    # NOTE(review): "verify none" means the server certificate is not checked;
    # prefer "verify required ca-file <CA-BUNDLE-PATH>" (placeholder path).
    server telefon443 192.168.211.5:443 ssl verify none

# Backend: Mail1 ()
# Used for mail.service.de; re-encrypts to 192.168.211.33:443 and keeps
# clients on a server with an inserted cookie.
backend Mail1
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    # A stick table is declared, but this backend has no "stick on" rule;
    # persistence comes from the cookie below.
    stick-table type ip size 50k expire 30m 
    # NOTE(review): the persistence cookie is inserted without the "secure" or
    # "httponly" keywords.
    cookie KC_ROUTE insert indirect nocache
    # WARNING: pass through options below this line
    # X-Forwarded-Proto is set only for TLS connections; a client-supplied
    # value is not removed otherwise.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Port 443
    # set-header replaces any X-Forwarded-For the client sent.
    http-request set-header X-Forwarded-For %[src]
    # "option forwardfor" appears twice and also adds the client address.
    # NOTE(review): the server probably receives the address more than once;
    # one mechanism is enough.
    option forwardfor
    http-reuse safe
    option forwardfor
    # NOTE(review): "verify none" means the server certificate is not checked;
    # prefer "verify required ca-file <CA-BUNDLE-PATH>" (placeholder path).
    server Mailserver 192.168.211.33:443 ssl alpn h2,http/1.1 verify none cookie 6607c74887063778516557

# Backend: telefon5222 ()
# TCP target for frontend telefon_5222: bytes are relayed unchanged to
# 192.168.211.5:5222.
backend telefon5222
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    server telefon5222 192.168.211.5:5222

# Backend: telefon5060 ()
# TCP target for frontend telefon_5060: bytes are relayed unchanged to
# 192.168.211.5:5060.
backend telefon5060
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    server telefon5060 192.168.211.5:5060

# Backend: telefon5061 ()
# TCP target for frontend telefon_5061: bytes are relayed unchanged to
# 192.168.211.5:5061.
backend telefon5061
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    server telefon5061 192.168.211.5:5061

# Backend: Keycloak ()
# Receives requests whose path starts with /auth (see the frontend ACL).
backend Keycloak
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    # No "stick on" rule follows; persistence comes from the cookie below.
    stick-table type ip size 50k expire 30m 
    # NOTE(review): the persistence cookie is inserted without the "secure" or
    # "httponly" keywords.
    cookie KC_ROUTE insert indirect nocache
    # WARNING: pass through options below this line
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Port 443
    # set-header replaces any X-Forwarded-For the client sent.
    http-request set-header X-Forwarded-For %[src]
    # Duplicated option; it also adds the client address to X-Forwarded-For.
    option forwardfor
    http-reuse safe
    option forwardfor
    # No "ssl" keyword: the hop to 192.168.211.33:8080 is plain HTTP.
    # NOTE(review): presumably login traffic crosses this hop; consider TLS to
    # the server or confirm the segment is trusted.
    server Keycloak 192.168.211.33:8080 cookie 668a62bcb6c3f299187837

# Backend: Mail2 ()
# Target of the autodiscover/mail rule in the service.de frontend and the
# default backend of the TCP frontend Mailserver_8443.
backend Mail2
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    # No "stick on" rule follows; persistence comes from the cookie below.
    stick-table type ip size 50k expire 30m 
    # NOTE(review): the persistence cookie is inserted without the "secure" or
    # "httponly" keywords.
    cookie KC_ROUTE insert indirect nocache
    # WARNING: pass through options below this line
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Port 443
    # set-header replaces any X-Forwarded-For the client sent.
    http-request set-header X-Forwarded-For %[src]
    # Duplicated option; it also adds the client address to X-Forwarded-For.
    option forwardfor
    http-reuse safe
    option forwardfor
    # Two entries for the same host, ports 443 and 8443. Health checks are
    # disabled, so an unreachable port is not taken out of rotation.
    # NOTE(review): "verify none" means neither server certificate is checked;
    # prefer "verify required ca-file <CA-BUNDLE-PATH>" (placeholder path).
    server Mail2 192.168.211.83:443 ssl alpn h2,http/1.1 verify none cookie 66aa0aef4fe2c713022817
    server Mail21 192.168.211.83:8443 ssl alpn h2,http/1.1 verify none cookie 66aa2aaf5fe7c129653610



# statistics are DISABLED

3
German - Deutsch / 2fA - Opnsense - Authentication failed
« on: July 23, 2024, 03:09:00 pm »
Hi,

ich habe mich unter System - Access - Servers per LDAP mit dem Univention Server verbunden.
Wenn ich dort bei "Authentication containers" auf Select klicke, bekomme ich meine Ordnerauswahl.
D.h. ich bin doch erfolgreich per LDAP mit meinem Server verbunden, oder?

Im Univention sehe ich:
sAMAccountName: benutzername

D.h. ich habe unter  "User naming attribute" sAMAccountName eingetragen.

Wenn ich nun am Testserver teste, bekomme ich immer nur "Authentication failed"
Auf dem UCS finde ich dazu leider kein log.

Danke schonmal

4
German - Deutsch / Redirect - Grommunio
« on: July 03, 2024, 06:21:49 pm »
Hallo,

kann jemand bitte mal über meine Konfiguration drüber schauen.
Beim Grommunio Server bekomme ich immer ein Redirect, wieso?

Code: [Select]
#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    # Process-wide settings. HAProxy switches to uid/gid 80 and chroots into
    # /var/haproxy.
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    # Runtime API socket with "level admin": anyone able to open it can issue
    # every runtime command. Mode 775 gives write access to owner and group
    # "proxy" only. NOTE(review): confirm who is a member of that group.
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbthread                    6
    hard-stop-after             60s
    no strict-limits
    tune.ssl.ocsp-update.mindelay 300
    tune.ssl.ocsp-update.maxdelay 3600
    httpclient.resolvers.prefer   ipv4
    # Only relevant to DHE suites; the bind below lists ECDHE suites only.
    tune.ssl.default-dh-param   2048
    spread-checks               2
    tune.bufsize                16384
    # 0 = no memory cap for Lua.
    tune.lua.maxmem             0
    log                         /var/run/log local0 info
    lua-prepend-path            /tmp/haproxy/lua/?.lua
# Shared HTTP response cache referenced by backend Grommunio below.
cache opnsense-haproxy-cache
    # Cache size in megabytes.
    total-max-size 4
    # Maximum lifetime of a cached object in seconds.
    max-age 60
    # Responses carrying a Vary header are not cached.
    process-vary off

defaults
    # Values inherited by every frontend and backend below unless overridden.
    log     global
    # -1: try another server only on the last retry.
    option redispatch -1
    timeout client 60s
    timeout connect 60s
    timeout server 60s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: Letsencrypt_80 ()
# Plain port-80 listener used for ACME HTTP-01 challenges.
frontend Letsencrypt_80
    bind 192.168.252.253:80 name 192.168.252.253:80
    mode tcp
    # Default and ACL-selected backend are the same, so every connection on
    # port 80 reaches the ACME helper whatever the path is.
    default_backend acme_challenge_backend

    # logging options
    # ACL: find_acme_challenge
    # NOTE(review): path_beg is an HTTP-level match inside a "mode tcp"
    # frontend; confirm HAProxy evaluates it here.
    acl acl_6546b7f7e92430.59551874 path_beg -i /.well-known/acme-challenge/

    # ACTION: redirect_acme_challenges
    use_backend acme_challenge_backend if acl_6546b7f7e92430.59551874

# Frontend: LetsEncrypt_443 (LetsEncrypt_443)
# TLS-terminating HTTP frontend; sends mail.test.de to backend Grommunio.
# No redirect rule is present in this frontend or in backend Grommunio, so
# the redirect asked about in the post is not produced by a rule shown here.
frontend LetsEncrypt_443
    http-response set-header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
    bind 192.168.252.253:443 name 192.168.252.253:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/657480646e0916.14570670.certlist
    mode http
    option http-keep-alive
    # Requests for any host that matches no rule below fall through to the
    # ACME helper backend.
    default_backend acme_challenge_backend
    # Adds the client address as X-Forwarded-For. No rule here deletes an
    # X-Forwarded-For sent by the client, so the server may see a
    # client-chosen value next to the one added by the proxy.
    # NOTE(review): make sure the application trusts only the proxy's entry.
    option forwardfor

    # logging options
    # ACL: find_acme_challenge
    acl acl_6546b7f7e92430.59551874 path_beg -i /.well-known/acme-challenge/
    # ACL: grom
    acl acl_664c906453f702.68929731 hdr(host) -i mail.test.de



    # ACTION: redirect_acme_challenges
    use_backend acme_challenge_backend if acl_6546b7f7e92430.59551874
    # ACTION: Grommunio
    use_backend Grommunio if acl_664c906453f702.68929731



# Backend: acme_challenge_backend (Added by ACME Client plugin)
# Forwards ACME challenge requests to the local helper on 127.0.0.1:43580.
backend acme_challenge_backend
    # health checking is DISABLED
    mode http
    # With a single server, source balancing and the stick table do not change
    # which server is chosen.
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    server acme_challenge_host 127.0.0.1:43580


# Backend: Grommunio ()
# Used for mail.test.de; re-encrypts to 192.168.133.33:443 and consults the
# opnsense-haproxy-cache response cache.
backend Grommunio
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    # WARNING: pass through options below this line
    # Overwrites any client-supplied X-Real-IP with the connecting address.
    http-request set-header X-Real-IP %[src]
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    # NOTE(review): responses of a mail web application are served from a
    # shared cache here. Confirm that per-user responses are marked
    # non-cacheable by the application, or restrict caching to static paths.
    http-request cache-use opnsense-haproxy-cache
    http-response cache-store opnsense-haproxy-cache
    http-reuse safe
    # Adds a "Forwarded" header carrying proto, host and client address, in
    # addition to the X-Forwarded-For added by "option forwardfor".
    option forwarded proto host for
    option forwardfor
    # The two cache rules below repeat the pair above.
    http-request cache-use opnsense-haproxy-cache
    http-response cache-store opnsense-haproxy-cache
    # NOTE(review): "verify none" means the server certificate is not checked;
    # prefer "verify required ca-file <CA-BUNDLE-PATH>" (placeholder path).
    server Grommunio 192.168.133.33:443 ssl alpn h2,http/1.1 verify none



# statistics are DISABLED

5
German - Deutsch / https Fehler - beim Surfen kommt das Falsche Zertifikat
« on: May 30, 2024, 08:49:32 pm »
Hallo Leute,

der Server TEST01TS01 steht hinter der OPNsense, und wenn ich dort einfach nur surfen möchte, z.B. google.de aufrufe, bekomme ich einen Zertifikatsfehler.

Es erscheint immer das Zertifikat vom HA Proxy. Bzw. Acme Client. Warum?

Hier meine Konfiguration:

6
German - Deutsch / X-Forwarded-Proto und X-Forwarded-Host in der GUI?
« on: April 26, 2023, 11:59:25 am »
Hallo,

wo kann ich in der GUI im HAProxy das setzen?

X-Forwarded-Proto und X-Forwarded-Host

Und wenn das nicht in der GUI geht, wo dann?

7
German - Deutsch / Haproxy - Log nur Opnsense IP Adresse
« on: April 18, 2023, 09:48:00 am »
Hallo Leute,
ich habe einen HAProxy, wenn ich da im Log schaue, sehe ich jetzt nur noch die IP Adresse von der Opnsense.
Ist es trotzdem möglich die eigentliche IP Adresse zu sehen?


8
Web Proxy Filtering and Caching / Website is very slow mit HAProxy and sometimes too many redirects
« on: April 16, 2023, 11:52:08 am »
Hello,

can you please check my configuration?
What can be improved?
I have the feeling that the website is sometimes very slow.
Every now and then I get an error with too many redirects, but I don't know if this is a website error.
Code: [Select]
root@OPNsense:/usr/local/etc # cat haproxy.conf
#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    # Process-wide settings. HAProxy switches to uid/gid 80 and chroots into
    # /var/haproxy.
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    # Runtime API socket with "level admin": anyone able to open it can issue
    # every runtime command. Mode 775 gives write access to owner and group
    # "proxy" only. NOTE(review): confirm who is a member of that group.
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbthread                    4
    hard-stop-after             60s
    no strict-limits
    maxconn                     10000
    # Only relevant to DHE suites; the bind below lists ECDHE suites only.
    tune.ssl.default-dh-param   4096
    spread-checks               2
    tune.bufsize                16384
    # 0 = no memory cap for Lua.
    tune.lua.maxmem             0
    # Facility "audit" at level debug, the most verbose level.
    # NOTE(review): debug logging adds load and log volume; lower it once
    # troubleshooting is done.
    log                         /var/run/log audit debug
    lua-prepend-path            /tmp/haproxy/lua/?.lua

defaults
    # Values inherited by every frontend and backend below unless overridden.
    log     global
    # -1: try another server only on the last retry.
    option redispatch -1
    maxconn 5000
    # Client, connect and server timeouts are all 30 seconds.
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: LetsEncrypt_443 ()
# TLS-terminating HTTP frontend; sends odootest.test.de to backend OdooTest.
frontend LetsEncrypt_443
    http-response set-header Strict-Transport-Security "max-age=15552000; includeSubDomains; preload"
    bind 192.168.152.253:443 name 192.168.152.253:443 ssl prefer-client-ciphers ssl-min-ver TLSv1.2 ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/605f6609f106d1.17683543.certlist
    mode http
    option http-keep-alive
    # Requests for any host that matches no rule below fall through to the
    # ACME helper backend.
    default_backend acme_challenge_backend
    # Adds the client address as X-Forwarded-For. No rule here deletes an
    # X-Forwarded-For sent by the client, so the server may see a
    # client-chosen value next to the one added by the proxy.
    option forwardfor

    # logging options
    # ACL: OdooTest
    acl acl_6431291a1ba8d6.01912608 hdr(host) -i odootest.test.de

    # ACTION: OdooTest
    use_backend OdooTest if acl_6431291a1ba8d6.01912608

# Frontend: LetsEncrypt_80 ()
# Plain port-80 listener used for ACME HTTP-01 challenges.
frontend LetsEncrypt_80
    bind 192.168.152.253:80 name 192.168.152.253:80
    mode tcp
    # Default and ACL-selected backend are the same, so every connection on
    # port 80 reaches the ACME helper whatever the path is.
    default_backend acme_challenge_backend

    # logging options
    # ACL: find_acme_challenge
    # NOTE(review): path_beg is an HTTP-level match inside a "mode tcp"
    # frontend; confirm HAProxy evaluates it here.
    acl acl_615a6d4b6453d2.03059920 path_beg -i /.well-known/acme-challenge/

    # ACTION: redirect_acme_challenges
    use_backend acme_challenge_backend if acl_615a6d4b6453d2.03059920

# Backend: acme_challenge_backend (Added by Let's Encrypt plugin)
# Forwards ACME challenge requests to the local helper on 127.0.0.1:43580.
backend acme_challenge_backend
    # health checking is DISABLED
    mode http
    # With a single server, source balancing and the stick table do not change
    # which server is chosen.
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    http-reuse safe
    server acme_challenge_host 127.0.0.1:43580

# Backend: OdooTest ()
# Used for odootest.test.de; re-encrypts to 192.168.131.83:443.
backend OdooTest
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    http-reuse safe
    # NOTE(review): "verify none" means the server certificate is not checked;
    # prefer "verify required ca-file <CA-BUNDLE-PATH>" (placeholder path).
    server OdooTEST 192.168.131.83:443 ssl verify none

# statistics are DISABLED

root@OPNsense:/usr/local/etc #

nginx file:

Code: [Select]
#odoo server
# Local upstreams: "odoo" is the main HTTP service on 127.0.0.1:8069 and
# "odoochat" the websocket/gevent service on 127.0.0.1:8072.
upstream odoo {
  server 127.0.0.1:8069;
}
upstream odoochat {
  server 127.0.0.1:8072;
}
# Derives the Connection header for proxied requests: "upgrade" when the client
# sent an Upgrade header, "close" when it did not.
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

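# http -> https
# Plain-HTTP listener: answers every request on port 80 with a permanent
# redirect to the HTTPS site.
server {
  listen 80;
  server_name odootest.test.de;
  # Redirect to the configured name instead of $host. $host echoes the Host
  # header sent by the client, so any request that lands on this block (for
  # example when it is the default server for port 80) would otherwise choose
  # its own redirect target. $request_uri keeps the original path and query.
  return 301 https://odootest.test.de$request_uri;
}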

# HTTPS virtual host for odootest.test.de: terminates TLS and proxies to the
# local Odoo upstreams.
server {
  listen 443 ssl;
  server_name odootest.test.de;
  # Long timeouts (12 minutes) for slow Odoo requests.
  proxy_read_timeout 720s;
  proxy_connect_timeout 720s;
  proxy_send_timeout 720s;

  # SSL parameters
  ssl_certificate /etc/ssl/certs/test.de.cert.pem;
  ssl_certificate_key /etc/ssl/private/test.de.key.pem;
  ssl_session_timeout 30m;
  # Only TLS 1.2 is offered.
  ssl_protocols TLSv1.2;
  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  ssl_prefer_server_ciphers off;

  # log
  access_log /var/log/nginx/odoo.access.log;
  error_log /var/log/nginx/odoo.error.log;

  # Redirect websocket requests to odoo gevent port
  location /websocket {
    proxy_pass http://odoochat;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
  }

  # Redirect requests to odoo backend server
  location / {
    # Add Headers for odoo proxy mode
    proxy_set_header X-Forwarded-Host $host;
    # $proxy_add_x_forwarded_for appends $remote_addr to whatever
    # X-Forwarded-For header arrived with the request.
    # NOTE(review): when HAProxy sits in front, $remote_addr is the proxy's
    # address, so X-Real-IP and the access log show the firewall rather than
    # the client. If the real client address is needed, nginx can take it from
    # the proxy's header with set_real_ip_from <PROXY-ADDRESS> (placeholder)
    # and real_ip_header X-Forwarded-For, trusting only that one address.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_redirect off;
    proxy_pass http://odoo;
  }

  # common gzip
  gzip_types text/css text/scss text/plain text/xml application/xml application/json application/javascript;
  gzip on;
}

9
German - Deutsch / Weiterleitung an Port 400
« on: April 11, 2023, 11:47:35 am »
Hallo,

ich habe ein Dienst der läuft bei mir auf

192.168.10.1:443 test.firma.de

 und ein anderer Dienst auf der selben IP und selben DNS Name

192.168.10.2:400 test.firma.de


Wir haben den HAProxy nun so konfiguriert, dass es mit "host matches" bei 443 funktioniert.
Bei Port 400 bekommen wir das nicht hin. Geht das überhaupt?

10
German - Deutsch / HaProxy und dahinter ein Server mit Nginx mit Reverse Proxy
« on: April 08, 2023, 03:33:59 pm »
Hallo Leute,

ich habe öfters den Fall, dass ich für manche Dienste nur eine Anleitung mit Nginx als Reverse Proxy finde. Ich habe aber eine OPNsense mit HAProxy und ACME Client. Wie kann man das konfigurieren, oder ist das egal, weil es dann zweimal ein Proxy ist?
Oder verstehe ich etwas total falsch?
