Topics - tapnl

1
Web Proxy Filtering and Caching / [HAProxy] [updated] HTTPS passthrough
« on: April 13, 2021, 10:46:45 pm »
Hi,

I am struggling to simply let HTTPS traffic to my servers pass through HAProxy. HTTP works fine.
For the HTTPS traffic, I have a separate public service, real servers, conditions, rules, etc. set up.

I roughly have the following setup:

WAN with fixed IP -> OPNSENSE running HAPROXY -> VM running multiple docker behind Traefik.

Traefik handles all the SSL from the VM, and I am happy with that and I want to keep it that way.
I want HAProxy to pass through the HTTPS without any interference. But I am not able to figure out how to do it.
Can someone point me in the right direction, because I find the documentation not very clear on this.

Thx for any pointers.


2
Web Proxy Filtering and Caching / HAProxy working on port 80 not working on port 443
« on: May 21, 2020, 08:33:28 pm »
I have HAProxy working for subdomains using http (port 80), as soon as I bring in a subdomain which is being served by a https/port 443, I can't get it working.

My current setup is as follows:

Multiple VMs running in a network, some of these VMs have containers running with their own proxy and certificates.

Working:
http://test1.example.com --> test_server_1
http://test2.example.com --> test_server_2

These VMs are not using any ssl, etc.

Not working:
https://app1.example.com --> container_server
https://app2.example.com --> container_server

The container_server runs its own proxy (Traefik) and handles the Let's Encrypt certificates. I want to keep it this way, because I want to build some sort of BeyondCorp / ZeroTrust setup in the backend later on and I want my firewall to be not too much involved (certificate handling, etc.). HAProxy needs to be as transparent as possible.

The error I am getting is that there is some kind of SSL error.

Using a Mac:

Chrome:
This site can’t provide a secure connection

app1.example.com sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

Firefox:
An error occurred during a connection to app1.example.com. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

ADDITION:
I have no port 443 rules, port forwards running (all disabled)

Any help is appreciated.





3
Web Proxy Filtering and Caching / [Solved] HAProxy - Firewall rules
« on: December 01, 2019, 09:31:55 pm »
Small question - no background

In the documentation the following statement is made:

"Now you need to configure firewall rules for accessing your HAProxy instance."
https://docs.opnsense.org/manual/how-tos/haproxy.html

I am struggling with the firewall rule. When trying to set up a FW rule, I see no options to point to HAProxy.

Can somebody explain the last step. Setting up the FW rule?

Same question - more background
I am trying to set up the following situation in my home network.

www.example.com --> server1
test1.example.com --> server1
test2.example.com --> server1
test3.example.com --> server2
test4.example.com --> server2

Both server1 and server2 are running multiple dockers, with Traefik as a reverse proxy.
Currently I have only a setup with server1, and this is handled by port forwarding and on the server with Traefik as reverse proxy. So far so good. Now I want to add another server, with subdomains within the same domain. This can't be handled by port forwarding. I need a reverse proxy on OPNsense.

I followed this from the documentation:
https://docs.opnsense.org/manual/how-tos/haproxy.html

But I am struggling with this statement at the end of the page.
"Now you need to configure firewall rules for accessing your HAProxy instance."
Can somebody explain the last step. Setting up the FW rule?
Is there another, or better way to achieve this, or is this the "correct" way?

