Tutorial 2024/02: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

TheHellSite:

--- Quote from: ejball02 on June 01, 2021, 08:55:28 pm --- I'm wondering if there is something here that can help achieve creating a cert for content filtering. Anyone have any experience with this?

--- End quote ---
No offense, but this is meant to be a tutorial related to HAProxy in a reverse proxy setup.  :)
As this is the tutorial sub-forum it is not really meant to ask for help and especially not regarding different topics.
You can of course follow this guide to the part where you get your Let's Encrypt certificate, but from there on you will be on your own.

I think you should probably open up your own thread in the help forums and ask for help there.

https://forum.opnsense.org/index.php?board=27.0
or here
https://forum.opnsense.org/index.php?board=28.0
or here
https://forum.opnsense.org/index.php?board=1.0

skittlebrau:

--- Quote from: TheHellSite on June 01, 2021, 06:52:28 pm ---The PLEX_backend looks very similar to the SSL_backend. Only "Name: PLEX_backend" and "Servers: PLEX_server" are different. :)
--- End quote ---

I assumed that it would be the case, so thanks for confirming  ;D

One part that's tripping me up is in my plex_backend pool and other ones I set for my internal services like Resilio Sync, if I set the mode to TCP (Layer 4) then I get a syntax error below. Switching the mode to HTTP for those two backends resolves the syntax error, but produces blank pages. Stats area in HAProxy shows the services as being UP.

[NOTICE] 152/082107 (17536) : haproxy version is 2.2.14-a07ac36
[ALERT] 152/082107 (17536) : http frontend '1_HTTPS_frontend' (/usr/local/etc/haproxy.conf.staging:70) tries to use incompatible tcp backend 'sync1_backend' (/usr/local/etc/haproxy.conf.staging:117) in a 'use_backend' rule (see 'mode').
[ALERT] 152/082107 (17536) : http frontend '1_HTTPS_frontend' (/usr/local/etc/haproxy.conf.staging:70) tries to use incompatible tcp backend 'plex_backend' (/usr/local/etc/haproxy.conf.staging:104) in a 'use_backend' rule (see 'mode').
[ALERT] 152/082107 (17536) : Fatal errors found in configuration.

TheHellSite:

--- Quote from: skittlebrau on June 02, 2021, 02:24:48 am ---
--- Quote from: TheHellSite on June 01, 2021, 06:52:28 pm ---The PLEX_backend looks very similar to the SSL_backend. Only "Name: PLEX_backend" and "Servers: PLEX_server" are different. :)
--- End quote ---

I assumed that it would be the case, so thanks for confirming  ;D

One part that's tripping me up is in my plex_backend pool and other ones I set for my internal services like Resilio Sync, if I set the mode to TCP (Layer 4) then I get a syntax error below. Switching the mode to HTTP [...]

--- End quote ---

Now I remember correctly.
The SSL_backend is different from most other backends since it is NOT running in HTTP mode.
But HTTP mode is usually the one you want for a web based service.
I changed that part in the tutorial. Please take a look at the backend creation.

My bad! I wrote the tutorial from brain memory. So I guess you are my beta tester.  ;D
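The mode rule behind the alerts quoted above, as an added example that is not part of the original posts and not the poster's generated haproxy.conf. The section names come from the alert lines; the ACL names, hostnames, addresses and ports are constructed placeholders.

```haproxy
# Constructed sample configuration (assumed values throughout).
defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# The frontend runs in HTTP mode (Layer 7) because it routes on the Host header.
frontend 1_HTTPS_frontend
    mode http
    bind 127.0.0.1:8443                          # placeholder listen address
    acl host_plex hdr(host) -i plex.example.com  # placeholder hostname
    acl host_sync hdr(host) -i sync.example.com  # placeholder hostname
    use_backend plex_backend  if host_plex
    use_backend sync1_backend if host_sync

# Corrected: the backend mode matches the frontend that selects it.
backend plex_backend
    mode http
    server plex_server 192.0.2.10:32400          # placeholder address

# Still wrong: a TCP (Layer 4) backend cannot be the target of a
# 'use_backend' rule in an HTTP frontend. With this section left as is,
# HAProxy rejects the file with the "incompatible tcp backend" alert.
backend sync1_backend
    mode tcp
    server sync1_server 192.0.2.11:8888          # placeholder address
```

Running `haproxy -c -f` on this file reports only `sync1_backend`; changing its `mode` to `http` clears the fatal error.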

skittlebrau:
All good, you've been so helpful.

I checked through everything again and realised that when setting up the NAT port forward, I forgot to enter the dropdown menu at the end to add the associated filter rule. I was too used to pfSense automatically selecting that by default, so no wonder it wasn't working despite changing from TCP to HTTP mode for the backend services!

For posterity's sake, I've saved your guide for my own reference and archived it to PDF as well.

If there's a particular charity you support, send me a private message and I'll happily donate to one in your name, along with a donation to the OPNsense project.  :D

michaelgo:
Hi,
Thank you for an amazing guide.

In part 5.5 the picture is broken, can you please re-post? (It's working now.)
Also, 5.7 "plex condition", is it a rule? (The 5.7 and 5.8 screenshots are vice versa.)

Also, I don't have "Backends", only "Backend pools" there:
Services --> HAProxy --> Settings --> Virtual Services --> Backends
Is that what you mean?
Thanks
