Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Reverse proxy using HAProxy
« previous
next »
Print
Pages: [
1
]
Author
Topic: Reverse proxy using HAProxy (Read 3708 times)
tre4bax
Full Member
Posts: 151
Karma: 4
Reverse proxy using HAProxy
«
on:
August 15, 2019, 11:22:25 pm »
After a whole evening I have finally decided to come here and ask a question.
I have Two services that I want to get access to from the internet. Both have a DNS entry with my provider that sends them through to my opnsense firewall.
Now I have setup two sets of Servers, Backend servers, Conditions, Rules and publicservices. One foreach.
Both are monitoring server.domain.name:80 so they should both hear the contact. The rules should then surely determine which of the servers is passed back to them. These are both setup by ipaddress and both have no internal name resolution.
No matter what condition I create attempts to access the server (using tor to give me a non local address) both domain names go to the same server. I have tried creating conditions that will not be met, all sorts of combinations and yet I always just get routed to just one of the servers. There is not even any real evidence of which one it goes to, I think it is just picking the first. (not that I have found a way to pick a default server).
It is now time to give it up for the night, not that I will get any sleep now as I'll be thinking it through all night. If someone has seen this before it would be great if they could point me in the right direction.
Logged
mj84
Newbie
Posts: 13
Karma: 1
Re: Reverse proxy using HAProxy
«
Reply #1 on:
August 16, 2019, 09:49:40 am »
Does this scheme roughly match your setup?
:80 public service1 ----> backend pool1 ----> server1:80
:80 public service2 ----> backend pool2 ----> server2:80
Within a public service, you can define a default backend pool. If your backend pool only contains one server, that is how you can define a default server.
What I had to learn the hard way, is that you have to assign rules to either a public service or a backend pool.
Otherwise they won't get evaluated.
So you need to have these rules:
1.
condition: hostname1.domain
action: use backend pool1
2.
condition: hostname2.domain
action: use backend pool2
Rule 1 needs to be attached to public service1, Rule 2 to public service2.
HTH
Logged
tre4bax
Full Member
Posts: 151
Karma: 4
Re: Reverse proxy using HAProxy
«
Reply #2 on:
August 16, 2019, 11:50:39 am »
Yep that is it spot on.
I do have the conditions, they just seem to always evaluate as true. I can change the parameters of the condition as much as I like and yet all attempts to access are sent to the same backend pool even when they should match a different condition. I'm using the host equals condition with the FQDN of each server to check for.
One thing that might help. What address do you listen on in your Services? I'm currently using the domain name i.e. server.domain:80 That will be providing the external address of the firewall. I tried with 127.0.0.1:80 and then nothing worked at all.
This is the only thing I can think might be causing the issues.
Logged
mj84
Newbie
Posts: 13
Karma: 1
Re: Reverse proxy using HAProxy
«
Reply #3 on:
August 16, 2019, 12:36:08 pm »
I have the listen addresses configured as "IP address:Port", e.g. "192.168.1.254:80" since HAProxy does not do implicit name based virtual hosting as Apache or nginx would.
In order to achieve name based backend selection, you have to create the rules (and conditions) as mentioned and reference the appropriate rule in the public services.
So the workflow is this:
HTTP request arrives on your public service at 192.168.1.254:80
HAProxy evaluates all rules assigned to the public service
If you have a rule that says "if hostname == host1.domain, then use backend pool 1", backend pool 1 will be used
If you have a rule that says "if hostname == host2.domain, then use backend pool 2", backend pool 2 will be used
To clarify: You only need multiple public services if you want to listen on different IPs (although you also could have one public service listen on different IPs) or have two completely separate frontends.
If you want to have multiple hostnames served behind the same IP address, you would assign multiple rules to your public service as mentioned in my example.
«
Last Edit: August 16, 2019, 12:43:33 pm by mj84
»
Logged
tre4bax
Full Member
Posts: 151
Karma: 4
Re: Reverse proxy using HAProxy
«
Reply #4 on:
August 16, 2019, 12:42:41 pm »
Ah, I wonder if that last is where I am going wrong. I need to listen on the outside address of my firewall for port 80 then route it to the appropriate backend depending on the url hostname that brought it to the server.
My DNS basicall roots Server1.Domain and Server2.domain to the same address. I just need to listen and route Server1 requests to Server1 etc.
Will give that a shot.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
19.7 Legacy Series
»
Reverse proxy using HAProxy