Suggestions for multiple servers running port 443 behind OPNsense

csmall · December 16, 2017, 01:34:53 AM

Suggestions for multiple servers running port 443 behind OPNsense With a single public ip?

What would be a good option for handling this?

example:

a.domain.com:443 —-> single public ip ——> internal_server1:443

b.domain.com:443 —-> single public ip ——> internal_server2:443

Can any plugins for OPNsense handle this or would something like nginx/reverse proxy be required? Maybe a layer 7 load balancer like kemp or netscaler etc.

Haproxy can't do this can it?

Gargamel · December 16, 2017, 07:56:03 AM

Hi.

I think you are looking for HAProxy https://wiki.opnsense.org/manual/how-tos/haproxy.html

csmall · December 16, 2017, 12:59:03 PM

How can haproxy do this? I see the guide on installing the plugin but how can it allow multiple dns names that point to one public ip to hit multiple servers behind OPNsense using the same port (443)?

fabian · December 16, 2017, 01:10:07 PM

you can forward based on the SNI (domain name in TLS) or use TLS offload (HTTPS only to HAProxy).

Suggestions for multiple servers running port 443 behind OPNsense

csmall

December 16, 2017, 01:34:53 AM Last Edit: December 16, 2017, 01:43:17 AM by csmall

Gargamel

December 16, 2017, 07:56:03 AM #1

csmall

December 16, 2017, 12:59:03 PM #2

fabian

December 16, 2017, 01:10:07 PM #3