Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Multiple sites via HAproxy
« previous
next »
Print
Pages: [
1
]
Author
Topic: Multiple sites via HAproxy (Read 5302 times)
kosta
Hero Member
Posts: 540
Karma: 2
Multiple sites via HAproxy
«
on:
July 26, 2021, 12:24:42 am »
Hello,
I hope this is the right place. I am using HAproxy for SSL offloading for internal and external GUIs.
I migrated to the OPNsense, however I have issue with the same config as I used to have on the Sophos, our previous firewall.
I have two sites that both have internally 443, however I used to get to one via another port.
Doing that works, the site answers, however the site gets redirected to 443 and also picks some other certificate, one of the other sites used in HAproxy.
There is only one WAN IP, however different FQDNs, of course.
My understanding is mostly basic, what I know from reading off the net and tutorials.
I would expect it to "sort" the access according to the FQDN and then retain the port at which HAproxy serves the site (and of course the cert).
Is that possible at all?
An example:
site1.domain.com:443 -> server1.internal.domain.com:443
site2.domain.com:4343 -> server2.internal.domain.com:443
I'm only reluctant to post real domains and ports, so these are just examples.
Logged
saarko
Newbie
Posts: 3
Karma: 0
Re: Multiple sites via HAproxy
«
Reply #1 on:
July 28, 2021, 08:51:11 am »
Dear kosta,
there is a tutorial written, which pretty much covers your use case as well as far as I understood it.
https://forum.opnsense.org/index.php?topic=23339.msg110962#msg110962
It is very detailed with screenshots. It shall help you.
Greetings,
saarko
Logged
kosta
Hero Member
Posts: 540
Karma: 2
Re: Multiple sites via HAproxy
«
Reply #2 on:
July 28, 2021, 02:20:23 pm »
Hello,
I went through the whole post, thank you.
I'm afraid that since I can't create a wildcard-cert for my domain, this won't be possible?
As far as I am reading along, if I have a single IP, single port like 443, I must use one frontend.
Is that correct or is there some way around?
«
Last Edit: July 28, 2021, 08:48:20 pm by kosta
»
Logged
mrpsycho
Newbie
Posts: 33
Karma: 1
Re: Multiple sites via HAproxy
«
Reply #3 on:
July 28, 2021, 09:35:25 pm »
you can setup HAproxy as with as many sites as you wish.
SSL certificates may be generated with lets encrypt plugin, or you can use your own. no need to use wildcard.
But you will need to define "frontend" and "backend" records, and then map it to each other.
from my opinion, setting up HAproxy is more complicated, then nginx... but still, you can do all things with one public IP.
Logged
kosta
Hero Member
Posts: 540
Karma: 2
Re: Multiple sites via HAproxy
«
Reply #4 on:
July 28, 2021, 09:37:48 pm »
Hm OK, but why does then one site at 443 load the certificate of the other site, which is also at 443?
I do have my certs with LE plugin, each DNS record I am using.
But if I create multiple public services, calling up the page will often result at loading of the false certificate, or even worse the wrong page/application.
«
Last Edit: July 28, 2021, 09:52:40 pm by kosta
»
Logged
kosta
Hero Member
Posts: 540
Karma: 2
Re: Multiple sites via HAproxy
«
Reply #5 on:
July 28, 2021, 10:57:12 pm »
Ha, yes! Indeed it works. I completely ignored the fact that I can actually select more than one certificate in the public service, and apparently just thought I need one (wilcard) certificate.
Thank you!
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Multiple sites via HAproxy