HAProxy: Efficient Domain-Based Traffic Routing on Proxmox

[rogafe]

Hello everyone,

Sorry if the question was already posted, but the search is a little bit difficult here.

I'm currently running a Proxmox server hosted on a dedicated Hetzner server, and I am exploring the possibilities of configuring HAProxy for more advanced traffic routing between my VMs.

Here's the context of my existing setup:

• Server: Proxmox is hosted on a dedicated Hetzner server.
• Current Configuration: OPNsense is already in use as the firewall, and I'm considering integrating HAProxy for specific routing needs.

Before I lease another IP from Hetzner, I want to see if HAProxy can handle my specific requirements for directing traffic based on domain names. Specifically, I'm looking to set up routing rules like:

• Directing traffic for kasm.rogafe.domain exclusively to a VM designated for KASM.
• Routing all other subdomains matching *.rogafe.domain to a different VM called Cloud where I run my docker using compose + traefik.

Diagram of the Setup:


My questions are:

• Can HAProxy, when configured on OPNsense, handle this type of domain-based routing efficiently?
• Are there any special considerations or settings in HAProxy that I should prepare for to enable such routing?
• If anyone has implemented a similar configuration, could you share your insights or point out any potential issues I should be aware of?

I'm looking for any advice or experiences that could help me determine the feasibility of this setup without needing an additional IP.

Thanks in advance for your input!
Rogafe

[cookiemonster]

you do realise that kasm.rogafe.domain fits inside *.rogafe.domain right ?
That means that any reverse proxy will not be able to set those apart.
One of the most popular guides will give you a good idea how to setup HAProxy https://forum.opnsense.org/index.php?topic=23339.0
But yes, this is what reverse proxies do and the HA plugin in OPN is very comprehensive.

[rogafe]

you do realise that kasm.rogafe.domain fits inside *.rogafe.domain right ?
That means that any reverse proxy will not be able to set those apart.
One of the most popular guides will give you a good idea how to setup HAProxy https://forum.opnsense.org/index.php?topic=23339.0
But yes, this is what reverse proxies do and the HA plugin in OPN is very comprehensive.

I do realize that the domain kasm.rogafe.domain fits within the wildcard *.rogafe.domain. However, based on my experience with DNS, when a specific domain record like kasm.rogafe.example is defined, it usually takes priority over the wildcard.

But I do not have enough experience in HAProxy, so I am not sure if it works the same way. Thank you for your response and the link. I'll definitely check it out for more detailed information on setting up reverse proxies.