HAproxy: not able to setup two services on single IP:Port

[blacklistme]

Hi Gang,

I have spent several houres to configure haproxy as a simple reverse proxy for two different services on one single IP with the same Port. I have not succeeded and now I need your help please.

Config is as follows:


Real server 1: FQDN -> "fqdn.server1.intern" / Port -> 443 / SSL / SNI / fqdn.server1.intern / verify -> "myCA"
Real server 2: FQDN -> "fqdn.server2.intern" / Port -> 80

Backend pool 1: Server -> real server 1 (rest is default)
Backend pool 2: Server -> real server 2 (rest is default)

Public server 1: listen address -> "fqdn1:443" / certificate "fqdn1 acme" / selected rule -> Rule 1
Public server 2: listen address -> "fqdn2:443" / certificate "fqdn2 acme" / selected rule -> Rule 2

Condition 1: host matches -> Host string -> "sub.domain.de"
Condition 2: host matches -> Host string -> "domain.de"

Rule 1: If condition 1 -> use backend pool 1
Rule 2: If condition 2 -> use backend pool 2

That is my understading of how reverse proxy should select the right backend server depending on the host name that is called.

Enabling realserver 1 - everything is fine
Enabling realserver 2 - realserver 2 is working fine, too. But realserver 1 presents certificate from realserver 2 and passing the connection to realserver 1


- Type is HTTP/HTTPS
- IP is static, no NAT


I´m Pulling my hairs off - can´t get this to work...

Does anyone have any ideas?

Robin








 

[Monviech (Cedrik)]

If you don't want to pull your hair out, maybe give os-caddy a try. It can do what you need and is way easier to configure.

Here are the docs:
https://docs.opnsense.org/manual/how-tos/caddy.html

[Patrick M. Hausen]

You need to go with a single public server and two backends depending on the domain name.

[blacklistme]

AWESOME! I love the community - I Love you  - many thanks!!!!