Topic: haproxy issue (Read 2017 times)
ddywz
haproxy issue « on: February 15, 2021, 04:50:11 am »
I'm having this issue with the HAProxy module. The service does not start after configuring correctly:
1. Backend server
2. Backend pool
3. Condition
4. Rule
5. External webserver.
Starting the service for HAProxy fails. I looked at the logs and I saw this when I tried to start the service:
root@myrouter:/usr/local # /usr/local/etc/rc.d/haproxy onestart
Starting haproxy.
[ALERT] 044/221323 (92978) : Starting frontend media_fe: cannot bind socket [10.0.a.b:443]
/usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
I think I see where the issue is. Here is what I found:
When I configured the External Webserver I gave the FQDN of the server as someone would connect externally via https, so in the "Listen Addresses" I gave myserver.domain.com:443
If I save this then the HAProxy service goes down, and this is because that name myserver.domain.com resolves internally to the 10.0.a.b address that shows in the log file. That is the IP address of the real backend server.
Internally I use the same domain name, for instance mydomain.com, that is used externally. When I configured OPNsense under System-->Settings-->General-->domain I put mydomain.com and not mydomain.local
Is this a bad thing? I have been using the same domain name internally due to some apps on the phone that require this to operate seamlessly on wi-fi (local LAN) and 4G (external).
I tested this and changed the internal domain to mydomain.local instead and haproxy service started fine and with no issues.
The other test I did was to switch back the internal domain as it was to mydomain.com and did the following:
I changed the Listen address on Public Server in the HAProxy config to 0.0.0.0:443 and saved it, and the haproxy service started fine. Now I can connect externally via haproxy to the backend server, doing SSL offloading on haproxy via a certificate I imported and used in the configs.
Is there a downside of binding to 0.0.0.0:443 for the listening address field in the public server config? I'd like to enter the specific address in the listen field, like myserver.mydomain.com:443
Is there a way to tie the Public Server in the haproxy config to the WAN interface only and not resolve internally? Yes, I forgot to mention that I use OPNsense as a DHCP server and DNS server, using DHCP static mapping for most of the devices.
Any help is appreciated. Thank you!
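One cause of "cannot bind socket" is a listen address that resolves to an IP not assigned to the machine running HAProxy, which is the situation the post above describes. The following is an added example (not from the original post, and not OPNsense or HAProxy code) that pre-checks a Listen Address the same way; the function names are hypothetical, it handles IPv4 only, and the sample addresses are constructed.

```python
import ipaddress
import socket


def split_listen(listen):
    """Split 'host:port' into (host, port); IPv4 literal or hostname only."""
    host, _, port = listen.rpartition(":")
    return host, int(port)


def can_bind(ip):
    """True if the OS accepts a bind to ip, i.e. ip is on a local interface."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, 0))  # port 0 = ephemeral: no root needed, no port clash
            return True
        except OSError:      # typically EADDRNOTAVAIL for a non-local address
            return False


def classify(ip):
    if ipaddress.ip_address(ip).is_unspecified:
        return "wildcard"    # 0.0.0.0: listens on every interface, LAN included
    return "local" if can_bind(ip) else "not-local"


def check_listen(listen):
    """Resolve a listen address as this host sees it and classify each IP."""
    host, port = split_listen(listen)
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    return [(ip, classify(ip)) for ip in sorted({i[4][0] for i in infos})]


if __name__ == "__main__":
    # Constructed sample inputs; 192.0.2.10 is a documentation address (RFC 5737)
    for listen in ("127.0.0.1:443", "0.0.0.0:443", "192.0.2.10:443"):
        print(listen, check_listen(listen))
```

Run on the firewall itself with the hostname from the Listen Addresses field: "not-local" means the name resolves, through the resolver the firewall uses, to another machine's IP, so a bind to it cannot succeed there.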
ddywz
Re: haproxy issue « Reply #1 on: February 16, 2021, 05:08:47 am »
I kind of resolved this. I think my mistake was that I was using separate front ends for all web portals that need to be accessed from the internet. I read about it and the doc says that if you have multiple domains mapping to one WAN IP and all services are on the same port, usually 443, then use one single Front end Public server and specify unique rules for each domain.
After doing so, all is working fine and the external web portals map correctly and use the correct certificates that are imported under System-->Trust.