Topic: Internal websites with HAproxy (Read 2064 times)
motionthings (Newbie, Posts: 2, Karma: 0)
Internal websites with HAproxy « on: July 07, 2022, 08:05:59 pm »
I have set up HAproxy for my external services with a wildcard cert, and this works great.
But I would like HTTPS on my internal services as well, and on my APs/routers, switches, IoT devices, etc.
Is this possible with HAproxy, or do I need to set up an internal proxy to do that?
I tested by making a DNS record for one of my switches, then setting up everything as normal in HAproxy, but not adding it to the 'Public services' listening on port 443.
This did of course not work, since that is the one listening on port 443.
Can I clone the 'Public services' "rule" and have it listen on my LAN network too?
Or is there a better, more correct way?
meyergru (Hero Member, Posts: 1700, Karma: 167, IT Aficionado)
Re: Internal websites with HAproxy « Reply #1 on: July 07, 2022, 11:30:28 pm »
I just did this a minute ago for wpad. I reconfigured my OPNsense to listen on 444 instead of 443 and not on 80 at all, but I wanted to have http://wpad/wpad.dat working.
You can give the 1_HTTPS_Frontend multiple certificates, for example one from Let's Encrypt and one from your own CA. They will all be presented.
Then, you can have the map file point at internal backends. I configured WPAD_backend to wpad:444.
From the LAN, wpad resolves to my OPNsense. Port 80 is HAProxy, redirecting to 443. Port 443 is 1_HTTPS_Frontend mapping wpad to WPAD_backend, which in turn contacts wpad on port 444 via SSL.
Since a correct certificate is presented that contains wpad and is issued by my own CA, everything is fine.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up, Bufferbloat A+
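The setup described in Reply #1, written out as a raw haproxy.cfg fragment; this is an added example, not the poster's configuration or what the OPNsense plugin generates. The file paths, the LAN subnet, the LAN-only rule for internal names, and the names 0_HTTP_Frontend, PUBLIC_backend and NO_MATCH_backend are assumptions; 1_HTTPS_Frontend, WPAD_backend and wpad:444 come from the reply.

```haproxy
# Added example. Paths, subnet and the hypothetical names 0_HTTP_Frontend,
# PUBLIC_backend and NO_MATCH_backend are assumptions for illustration.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend 0_HTTP_Frontend
    bind :80
    # Port 80 only redirects to HTTPS.
    http-request redirect scheme https code 301

frontend 1_HTTPS_Frontend
    # One listener, several certificates; HAProxy selects one by SNI.
    bind :443 ssl crt /path/to/letsencrypt-wildcard.pem crt /path/to/own-ca-wpad.pem

    # Normalise the Host header: drop any :port and lower-case it.
    http-request set-var(txn.host) req.hdr(host),field(1,:),lower

    # Assumption: internal names must only be served to the LAN subnet,
    # so sharing the listener does not expose them to other sources.
    acl from_lan      src 192.168.1.0/24
    acl internal_host var(txn.host) -m str wpad
    http-request deny if internal_host !from_lan

    # Map file (constructed sample), one "host backend" pair per line:
    #   wpad             WPAD_backend
    #   www.example.org  PUBLIC_backend
    # A host with no map entry is skipped here and hits the default backend.
    use_backend %[var(txn.host),map(/path/to/hosts.map)]
    default_backend NO_MATCH_backend

backend WPAD_backend
    # Re-encrypt to the internal service and verify its certificate
    # (assumes the service on port 444 presents a cert from the internal CA).
    server wpad wpad:444 ssl verify required ca-file /path/to/own-ca.pem sni str(wpad) verifyhost wpad

backend PUBLIC_backend
    server web1 192.0.2.10:8080

backend NO_MATCH_backend
    # Unknown host names are rejected instead of reaching any service.
    http-request deny
```

Running `haproxy -c -f` on the file checks the syntax before a reload.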
motionthings (Newbie, Posts: 2, Karma: 0)
Re: Internal websites with HAproxy « Reply #2 on: July 12, 2022, 06:58:27 am »
Thanks for your reply.
I ended up putting everything on the 'public service' and put authentik on it.
Good enough for me.
Since I'm using Cloudflare DNS you can't really find any of the domains using my wildcard cert anyways.
Have a good one