[22.1.6] HAProxy, loopback to frontend using unix socket

Started by 8b4df00d, April 19, 2022, 09:43:11 AM

Hello, I have two registered domains (both pointing to one IP address), let's say domain-a and domain-b.
Both domains are accessed via https on the default port 443 and I don't want to change it.

But, to access domain-b I want the users to identify themselves via a client certificate I handed out to them.
Domain-a should be accessible by the public without certificates, but of course via https.

To do this, I created a tcp frontend that uses a rule to decide which backend should be used (the rule uses SNI to identify if the request is coming from domain-a or domain-b).

I also created two other frontends (this time in http mode). The listening addresses are now unix sockets (unix@sock-a for domain-a and unix@sock-b for domain-b).

Because I created two frontends with unix sockets, I can now create real-servers that use those sockets.

The backends (backend-a and backend-b) are linked to the real-servers (sock-a or sock-b) and get requests from the tcp frontend.

My problem is that when I'm accessing the frontend I get an empty reply (code 52).

Am I missing something when using unix sockets?

Thanks for any help.

I have the same issue. Did you ever figure it out?

I tried:

In Frontend: tcp, listening on 0.0.0.0:443, with default backend set to...
Backend pool 1: tcp, server is...
Backend server 1: unix@test_1
Frontend: https offloading, listening on unix@test_1, default backend set to...
Backend pool 2: http, server is...
Backend Server 2: 192.168.1.2

No response.


It can be related to chroot or permissions.
Can you please explain why you need to loop traffic via sockets? <- hard to switch from nginx :o

You can try
opnsense-patch -c plugins -a kulikov-a 3b3d22d
and re-Apply HAProxy settings? (tested and works on 22.7.1 with 3.10_1 HAProxy plugin ver)

Hey,

I didn't get notified but saw your replies last week and tried this config out today.
Works perfectly.

Thank you guys.
Every day I love my OPNsense boxes more and more :)
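
The layout described in the first post, written out as a plain HAProxy configuration. This is an added example, not taken from the thread or from the configuration the OPNsense plugin generates. The hostnames, chroot directory, user name, socket and certificate paths, and server addresses are placeholder assumptions, and it reads the chroot and permissions hint above as: listeners are bound before the chroot, server connections are made after it.

```haproxy
# Added example; every name, path and address here is a placeholder assumption.
global
    chroot /var/haproxy
    user haproxy
    group haproxy

defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# TCP frontend: peek at the ClientHello and route on SNI without decrypting.
frontend fe_sni_443
    mode tcp
    bind :443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend be_loop_b if { req.ssl_sni -i domain-b.example }
    default_backend be_loop_a

# Server connections are made after the chroot, so these paths are relative
# to /var/haproxy. send-proxy-v2 carries the real client address across the loop.
backend be_loop_a
    mode tcp
    server sock_a unix@/sock-a send-proxy-v2
backend be_loop_b
    mode tcp
    server sock_b unix@/sock-b send-proxy-v2

# Listeners are bound before the chroot, so the full path is used here.
# user/mode keep the socket reachable by the unprivileged process only.
frontend fe_domain_a
    mode http
    bind unix@/var/haproxy/sock-a user haproxy mode 600 accept-proxy ssl crt /usr/local/etc/ssl/domain-a.pem
    default_backend be_app_a

frontend fe_domain_b
    mode http
    # verify required: the handshake fails unless the client presents a
    # certificate issued by the CA in ca-file.
    bind unix@/var/haproxy/sock-b user haproxy mode 600 accept-proxy ssl crt /usr/local/etc/ssl/domain-b.pem ca-file /usr/local/etc/ssl/client-ca.pem verify required
    default_backend be_app_b

backend be_app_a
    mode http
    server app_a 192.0.2.10:80
backend be_app_b
    mode http
    server app_b 192.0.2.20:80
```

A file like this can be syntax-checked with `haproxy -c -f <file>` before it is loaded.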