Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
HAPROXY : Multiple Public Services on same IP, PORT but mode TCP and SSL/HTTPS
« previous
next »
Print
Pages: [
1
]
Author
Topic: HAPROXY : Multiple Public Services on same IP, PORT but mode TCP and SSL/HTTPS (Read 1435 times)
Dead-Red
Newbie
Posts: 2
Karma: 0
HAPROXY : Multiple Public Services on same IP, PORT but mode TCP and SSL/HTTPS
«
on:
March 31, 2023, 04:16:34 pm »
Hello All,
I have this config :
OpnSense : 23.1.5_4
Theses subs works fine behind a public services with TYPE : SSL/HTTPS
sub1.domain1.com --> IP : A.A.A.A :443
sub2.domain1.com --> IP : A.A.A.A :443
I have this subdomain works fine (only if below public service is disabled) behind a public services with TYPE : tcp
sub1.domain2.com --> IP : A.A.A.A :443
But i can't enabled theses 2 public services in same time.
The public service in tcp mode display :
503 Service Unavailable
No server is available to handle this request.
----------------------- Configs -------------------------
Listen Addresses : sub1.domain2.com:443
Type : TCP
Rules
:
Accept Content if Contains SSL Hello
TCP Inspect DELAY
MY_CUSTOM RULE
--> In RULES
*Accept Content if Contains SSL Hello
IF
Contains SSL Hello Message
AND [default]
execute : tcp-request content accept
*TCP Inspect Delay
IF
Nothing selected
AND [default]
execute : tcp-request inspect-delay
TCP inspection delay 5s
MY_CUSTOM RULE
IF[default]
SNI Match subdomains
AND [default]
Execute : Use specified Backend Pool
Use backend Pool : My-Custom-Bakend
In conditions :
*Contains SSL Hello Message
Type: custom condition (option pass-through)
option : req.ssl_hello_type 1
*SNI Match subdomains
Type : SNI TLS extension regex (TCP request content inspection)
SNI Regex : (sub1)\.domain2\.com
--------------
Can you tell me if it is possible to run a public service that shares the same IP/port but with 2 different modes?
If so, could one of you tell me where I'm going wrong? Because if we activate individually these public services everything works correctly.
Thanks in advance for your help
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: HAPROXY : Multiple Public Services on same IP, PORT but mode TCP and SSL/HTTPS
«
Reply #1 on:
March 31, 2023, 07:47:44 pm »
hi
afaik there is no complains frOm haproxy if there is multiple frontends bindings to the same sockest. but this misconfig is on admin. it "works" because of SO_REUSEPORT using.
https://github.com/haproxy/haproxy/issues/868
https://github.com/haproxy/haproxy/issues/629
Logged
Dead-Red
Newbie
Posts: 2
Karma: 0
Re: HAPROXY : Multiple Public Services on same IP, PORT but mode TCP and SSL/HTTPS
«
Reply #2 on:
April 01, 2023, 06:25:24 pm »
OK, thank's !
I must use an other ip
to solved my problem
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
HAPROXY : Multiple Public Services on same IP, PORT but mode TCP and SSL/HTTPS