Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
HA proxy and turn server
« previous
next »
Print
Pages: [
1
]
Author
Topic: HA proxy and turn server (Read 1894 times)
kamiar
Newbie
Posts: 1
Karma: 0
HA proxy and turn server
«
on:
September 21, 2023, 02:01:17 am »
i have 3 real servers one serving nextcloud on my domain port 80, 443 and a few other ports , there is a signaling server (turn and coturn) signaling.ccccc.com , running on the same server
i also have a second server serving openproject port 80 and 443 on project.cccc.com
and a third server for Plex which works fine
i got haproxy and rules so content is shown but my signalling serving doesn't work i checked the port is open but nextcloud can't connect to the signaling server
here is my haproxy config
#
# Automatically generated configuration.
# Do not edit this file manually.
#
global
uid 80
gid 80
chroot /var/haproxy
daemon
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
nbthread 8
hard-stop-after 60s
no strict-limits
maxconn 20000
tune.ssl.default-dh-param 4096
spread-checks 2
tune.bufsize 16384
tune.lua.maxmem 0
log /var/run/log local0 info
lua-prepend-path /tmp/haproxy/lua/?.lua
defaults
log global
option redispatch -1
maxconn 100000
timeout client 30s
timeout connect 30s
timeout server 30s
retries 3
default-server init-addr last,libc
default-server maxconn 100000
# autogenerated entries for ACLs
# autogenerated entries for config in backends/frontends
# autogenerated entries for stats
# Frontend: 0_SNI_frontend (Listening on 0.0.0.0 80-443-5349-32400)
frontend 0_SNI_frontend
bind 0.0.0.0:80 name 0.0.0.0:80
bind 0.0.0.0:443 name 0.0.0.0:443
bind 0.0.0.0:5349 name 0.0.0.0:5349
bind 0.0.0.0:32400 name 0.0.0.0:32400
bind 0.0.0.0:20000-59999 name 0.0.0.0:20000-59999
bind 0.0.0.0:3478 name 0.0.0.0:3478
mode tcp
default_backend SSL_Backend
# logging options
# Frontend: 1_HTTP_frontend (Listening on 192.168.3.1:80)
frontend 1_HTTP_frontend
bind 192.168.3.1:80 name 192.168.3.1:80 accept-proxy
mode http
option http-keep-alive
option forwardfor
# logging options
# ACL: NoSSL_Condition
acl acl_64265612d29c36.06646281 ssl_fc
# ACTION: HTTPtoHTTPS_rule
http-request redirect scheme https code 301 if !acl_64265612d29c36.06646281
# Frontend: 2_HTTPS_Frontend (Listening on 192.168.3.1:443)
frontend 2_HTTPS_Frontend
http-response set-header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
bind 192.168.3.1:443 name 192.168.3.1:443 accept-proxy ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/642659ee745114.56525338.certlist
bind 192.168.3.1:5349 name 192.168.3.1:5349 accept-proxy ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/642659ee745114.56525338.certlist
mode http
option http-keep-alive
option forwardfor
timeout client 15m
# logging options
# ACL: NextCloud
acl acl_64251573da2f46.19693980 hdr(host) -i incognitocorp.ca
# ACL: nc_caldav
acl acl_6426806531cfe0.43890681 path_end -i /.well-known/caldav
# ACL: nc_carddav
acl acl_64268076b90102.62365437 path_end -i /.well-known/carddav
# ACL: nc_nodeinfo
acl acl_642680a670cc41.14458864 path /.well-known/nodeinfo
# ACL: nc_webfinger
acl acl_642680c68dbb14.17808505 path /.well-known/webfinger
# ACL: Plex_Condition
acl acl_643cadfa7328a7.20414140 src_port eq 32400
# ACL: Open_Project_Host_rule
acl acl_64feb39639de48.25872321 hdr(host) -i project.incognitocorp.ca
# ACTION: NextCloud_Rules
use_backend NextCloud_Backend if acl_64251573da2f46.19693980
# ACTION: nc_caldav
http-request redirect code 301 location /remote.php/dav if acl_6426806531cfe0.43890681 acl_64251573da2f46.19693980
# ACTION: nc_carddav
http-request redirect code 301 location /remote.php/dav if acl_64268076b90102.62365437 acl_64251573da2f46.19693980
# ACTION: nc_nodeinfo
http-request redirect code 301 location /index.php/%[capture.req.uri] if acl_642680a670cc41.14458864 acl_64251573da2f46.19693980
# ACTION: nc_webfinger
http-request redirect code 301 location /index.php/%[capture.req.uri] if acl_642680c68dbb14.17808505 acl_64251573da2f46.19693980
# ACTION: Plex_Rule
use_backend Plex_Backend if acl_643cadfa7328a7.20414140
# ACTION: Open_Project_Host_Condition
use_backend OpenProject_Backend if acl_64feb39639de48.25872321
# Frontend: 3_Turn_Frontend (Listening on 192.168.3.1:5349)
frontend 3_Turn_Frontend
bind 192.168.3.1:5349 name 192.168.3.1:5349 accept-proxy proto h2
bind 192.168.3.1:20000-59999 name 192.168.3.1:20000-59999 accept-proxy proto h2
bind 192.168.3.1:3478 name 192.168.3.1:3478 accept-proxy proto h2
mode http
option http-keep-alive
default_backend NextCloud_Backend
option forwardfor
timeout client 15m
# logging options
# Frontend (DISABLED): 4_Turn_Frontend (Listening on 192.168.3.1:3478)
# Frontend: 5_Plex_Frontend (Listening on 192.168.3.1:32400)
frontend 5_Plex_Frontend
bind 192.168.3.1:32400 name 192.168.3.1:32400 accept-proxy
mode http
option http-keep-alive
default_backend Plex_Backend
option forwardfor
timeout client 15m
# logging options
# ACL: Plex_Condition
acl acl_643cadfa7328a7.20414140 src_port eq 32400
# ACTION: Plex_Rule
use_backend Plex_Backend if acl_643cadfa7328a7.20414140
# Backend: acme_challenge_backend (Added by ACME Client plugin)
backend acme_challenge_backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
server acme_challenge_host 127.0.0.1:43580
# Backend: NextCloud_Backend ()
backend NextCloud_Backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 100k expire 30m
stick on src
http-reuse safe
server NextCloud 192.168.1.11 ssl verify none
# Backend: SSL_Backend ()
backend SSL_Backend
# health checking is DISABLED
mode tcp
balance source
# stickiness
stick-table type ip size 200k expire 30m
stick on src
server SSL_Server 192.168.3.1 send-proxy-v2 check-send-proxy
# Backend (DISABLED): Turn_Server_Backend ()
# Backend: Plex_Backend ()
backend Plex_Backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
server Plex 192.168.1.10:32400 ssl verify none
# Backend (DISABLED): BitTorrent_Backend (BitTorrent Backend)
# Backend (DISABLED): SSH_Backend ()
# Backend: OpenProject_Backend ()
backend OpenProject_Backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
server Open_Project 192.168.1.17
# statistics are DISABLED
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
HA proxy and turn server