Quote from: dMopp on May 07, 2024, 12:39:37 pm
Thanks for the great tutorial. Is there a way to exclude the HTTPS force for specific backends? (Based on the tutorial here.) Background: For HomeAssistant and stupid IoT devices, I need to have my HA instance reachable over HTTP, too (with a different domain at least, so I can firewall it a lot).

Ping
How can we load balance TCP traffic that we don't want to get SSL offloaded, f.e. OpenVPN over TCP?

In my tutorial I only explain how to "redirect+load balance SSL offloaded traffic".
This is because I myself don't have (yet) the need to actually load balance any non SSL traffic.
However balancing non SSL traffic is pretty much the same as balancing SSL traffic.
You only have to make sure that your "NOSSLservice_rule" or "NOSSLservices_mapfile_rule" is placed on the "SNI_frontend" instead of the "HTTPS_frontend" and that the backend that belongs to your "NOSSLservice_server" is running in TCP mode.
@dMopp have you found a solution? I don't get it to work.

I have two services:
192.168.5.2:8081 --> works with https://192.168.5.2:8081 (so the HAProxy works)
192.168.5.3:8082 --> works only with http://192.168.5.3:8082

For the service without SSL I have added these parameters:
Real Server: Identical to the server like Plex, port 8082, and disabled the SSL option (tested disabled and enabled)
Added a map file like the public domains
Conditions: No new conditions
Rules: Copy of the public domain map and change the map file
Backend: Copy the Plex backend and change Mode to TCP and Server to the new Real Server
Public Service: Add the new rule to the SNI frontend

I get only the 503 Service Unavailable.
Hello all,

I have one question. I already have a dynamic DNS provider. Can I continue to use this and just substitute it for the one in the instructions?

Thanks,
Steve
removed old config to cleanup
#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    uid 80
    gid 80
    chroot /var/haproxy
    daemon
    stats socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbthread 4
    hard-stop-after 60s
    no strict-limits
    maxconn 10000
    tune.ssl.ocsp-update.mindelay 300
    tune.ssl.ocsp-update.maxdelay 3600
    httpclient.resolvers.prefer ipv4
    tune.ssl.default-dh-param 4096
    spread-checks 2
    tune.bufsize 16384
    tune.lua.maxmem 0
    log /var/run/log local0 info
    lua-prepend-path /tmp/haproxy/lua/?.lua

defaults
    log global
    option redispatch -1
    maxconn 5000
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc
    default-server maxconn 5000

# autogenerated entries for ACLs

# autogenerated entries for config in backends/frontends

# autogenerated entries for stats

# Frontend: Public-service-sni-listener ()
frontend Public-service-sni-listener
    bind 0.0.0.0:443 name 0.0.0.0:443
    bind 0.0.0.0:80 name 0.0.0.0:80
    bind 0.0.0.0:8123 name 0.0.0.0:8123
    mode tcp

    # logging options
    # ACL: homeassistant_sni
    acl acl_668517d7e34a26.66992240 req.ssl_sni -m sub -i app1.example1.org
    # ACL: nextcloud_sni
    acl acl_668517cca10095.43472848 req.ssl_sni -m sub -i app2.example2.org

    # ACTION: other_sni_rule
    use_backend directadminpool unless acl_668517d7e34a26.66992240 || acl_668517cca10095.43472848
    # ACTION: ha_sni_rule
    use_backend homeassistant-pool if acl_668517d7e34a26.66992240
    # ACTION: nextcloud_sni_rule
    use_backend nextcloudpool if acl_668517cca10095.43472848
    # ACTION: PUBLIC_DOMAINS_rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/667995c7e25e94.80171493.txt,directadminpool)]
    # WARNING: pass through options below this line
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

# Backend: homeassistant-pool ()
backend homeassistant-pool
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    server homeassistant 192.168.1.88:8123

# Backend: nextcloudpool ()
backend nextcloudpool
    # health check: Nextcloud-Healthcheck
    mode tcp
    balance roundrobin
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    server office 192.168.1.35:443 check inter 5s port 443

# Backend: directadminpool ()
backend directadminpool
    # health checking is DISABLED
    mode tcp
    balance roundrobin
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    server directadmin 192.168.10.102:443