English Forums > Web Proxy Filtering and Caching

[Solved] HAProxy - Firewall rules

(1/2) > >>

tapnl:
Small question - no background

In the documentation the following statement is made:


--- Code: ---Now you need to configure firewall rules for accessing your HAProxy instance.
--- End code ---
https://docs.opnsense.org/manual/how-tos/haproxy.html

I am struggling with the firewall rule. When trying to setup a FW rule, I see no options to point to HAProxy.

Can somebody explain the last step. Setting up the FW rule?

Same question - more background
I am trying to setup the following situation in my home network.

www.example.com --> server1
test1.example.com --> server1
test2.example.com --> server1
test3.example.com --> server2
test4.example.com --> server2

Both server1 and server2 are running multiple dockers, with Traefik as a reverse proxy.
Currenly I have only a setup with server1, and this handled by port forwarding and on the the server with Traefik as reverse proxy. So far so good. Now I want to add another server, with subdomains  within the same domain. This can't be handled by portforwarding. I need a reverse proxy on OPNsense.

I followed this from the documentation:
https://docs.opnsense.org/manual/how-tos/haproxy.html

 But I am struggling with this statement at the end of the page.

--- Code: ---Now you need to configure firewall rules for accessing your HAProxy instance.
--- End code ---

Can somebody explain the last step. Setting up the FW rule?
Is there another, or better way to achieve this, or is this the "correct" way?

ruggerio:
You have to make rules source WAN destination localhost to the Ports you offer the internet. E.g. your haproxy listens to port 80 public for your webserver:

Port 80 Source WAN Target Localhost. Port is whatever you defined in haproxy as port for your public server.

tapnl:
@ruggerio: Thx for the reply.

During the last week, I tried several setups but I am not able to get this working and it is totally unclear for me if the issue is in the FW rule or in the HAProxy setup.

Does anybody have an easy to share configuration or a link to a good tutorial? The information in the documentation on HAProxy is okayish, but brought me to this point.

cmdr.adama:
With some trial and error I was able to get HAProxy to work and work fairly well at that... This will differ to what you are after obviously but hopefully you can pick up on something you may have missed...

I've removed any addresses and Cert/CA details for obvious reasons...

Real server settings:
Public Service:


Backend Pool:


Regarding the FW... All you will need to do is allow web traffic, in my case just HTTPS to hit the FW...

hbc:
One little hint for HTTP/2.0. If you enable it in HAProxy, then make sure that your web server supports/serves it. Else you will run into problems - at least when using firefox

Navigation

[0] Message Index

[#] Next page