Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
haproxy ssl passthrough
« previous
next »
Print
Pages: [
1
]
Author
Topic: haproxy ssl passthrough (Read 1782 times)
lebernd
Jr. Member
Posts: 85
Karma: 3
haproxy ssl passthrough
«
on:
June 21, 2020, 10:09:12 pm »
Hello everybody,
I have some questions around the haproxy plugin.
Frontend:
1) can someone tell me a standard/ or differences between the several "listening ip" settings in howtos like:
- 127.0.0.1:port
- a predefined virtual ip-address like 192.168.. or 10...
- the 0.0.0.0:port setting
I have taken the one in the middle, but I'm not sure why. Will all settings "survive" a changing WAN-ip?
2) The options field:
I have entered there:
Code:
[Select]
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }
because I found something in the haproxy forum:
https://discourse.haproxy.org/t/ssl-pass-through-yields-ssl-errors/4206
telling me to do so...
It works with it and won't work without it... I'm not quite sure if it is related to the first question.
Nor what it is. If it is a bug - do I have to go to github?
3) TCP or SSL/HTTPS (TCP) ?
It didn't work with SSL/HTTPS (TCP) until I changed it to TCP
As I turned it back from TCP to SSL/HTTPS (TCP) it is working too. What's the difference why choose the one over the other?
It somehow seams that there is something with the rewrite of the config? I noticed some persisting of the default/offloading settings when changing the config: HSTS setting would persist in the SSL/HTTPS (TCP) settings. Not quite sure though.
Best regards,
Bernd
Logged
IPU451, 16GB RAM, 120GB SSD:
OPNsense 22.7.11_1-amd64
FreeBSD 13.1-RELEASE-p5
OpenSSL 1.1.1s 1 Nov 2022
IPU441, 8GB RAM, 120GB SSD:
OPNsense 23.1.1_2-amd64
FreeBSD 13.1-RELEASE-p6
OpenSSL 1.1.1t 7 Feb 2023
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
haproxy ssl passthrough