Topic: Step by Step Needed - HAProxy (Read 5114 times)
SkeelKat
« on: July 24, 2018, 08:28:52 am »
Dear Forum Members,
I am in dire need of some assistance. I have checked through every forum, the wiki, pfsense how-to's (for what it might be worth) and still cannot get HA Proxy to work.
Can anyone that has a working setup please give me some indication of how to do the following.
I have 5 DNS entries all pointing to my public IP addresses that I need to reverse proxy to back-end servers.
mail.domain.com:443 >>> 196.44.xxx.xxx >>> 172.16.60.10:443 (LAN)
wifi.domain.com:443 >>> 196.44.xxx.yyy >>> 172.16.80.20:8443 (OPT1)
www.domain.com:443 >>> 196.44.xxx.xxx >>> 172.16.60.11:80 (LAN)
download.domain.com:443 >>> 196.44.xxx.xxx >>> 172.16.60.12:80 (LAN) Apache vhost
edms.domain.com:443 >>> 196.44.xxx.xxx >>> 172.16.60.12:80 (LAN) Apache vhost
I want to make use of Let's Encrypt certificates for these domains - the ACME client is already active and the certificates are already obtained and installed on OPNsense.
For the life of me I cannot get this to work. The Wiki Documentation makes mention of ACLs, which are no longer anywhere to be found in the HAProxy Plugin. The HAProxy Plugin makes use of conditions and rules, of which there is no mention in the documentation... and thus I am still stuck.
Please help!
astrandb
« Reply #1 on: July 25, 2018, 02:19:05 pm »
If you are starting the config from scratch the following should work:
Define a Real server: name Internal_www, IP: 172.16.60.11, port 80, no ssl
Define a Virtual service->Backend Pool: name pool_www, add server Internal_www (remember to press TAB after entering server name)
Define a condition: Name e.g. www, Host matches, Host string = www.domain.com
Define a rule: Name redirect_www, Select Conditions: www, HAProxy function: Use specified Backend, pool_www
Define a Virtual Service->Public Service: Name front_443, Listen address: 196.44.xxx.xxx:443 (TAB), enable ssl-offloading, default backend pool: pool_www (TAB), certificate: your Let's Encrypt cert, Advanced settings: Select rules: redirect_www
If you run into problems, it can be a good idea to skip the ssl part initially to make the basic redirect work first. After that you could add ssl offloading and then the other conditions/rules/hosts one by one.
Good luck.
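For orientation, the objects named in the reply above correspond roughly to the following hand-written haproxy.cfg. This is an added example, not part of the reply and not output of the OPNsense plugin; it goes one step beyond the reply by adding the two Apache vhosts from the question. The certificate path is a placeholder, and the `pool_vhosts`, `Internal_vhosts`, `download` and `edms` names and the `hdr(host)` form of "Host matches" are assumptions.

```haproxy
# Hand-written sketch (assumption: not what the OPNsense plugin generates).
# Object names follow the reply; the masked address is kept as posted and
# must be replaced with the real public IP before this will load.

frontend front_443
    # "Public Service" with SSL offloading: TLS ends here, backends get HTTP.
    # Placeholder path: point it at the PEM holding the Let's Encrypt cert + key.
    bind 196.44.xxx.xxx:443 ssl crt /path/to/letsencrypt-cert.pem
    mode http

    # "Condition": match on the Host header (assumed equivalent of "Host matches").
    acl www      hdr(host) -i www.domain.com
    acl download hdr(host) -i download.domain.com   # hypothetical condition name
    acl edms     hdr(host) -i edms.domain.com       # hypothetical condition name

    # "Rule": Use specified Backend.
    use_backend pool_www    if www
    use_backend pool_vhosts if download or edms

    # Any request whose Host header matches no condition also lands here.
    default_backend pool_www

backend pool_www
    # "Backend Pool" holding the "Real server" Internal_www, no SSL.
    mode http
    server Internal_www 172.16.60.11:80

backend pool_vhosts
    # Hypothetical pool for the two Apache vhosts on 172.16.60.12.
    # HAProxy forwards the Host header unchanged, so Apache can still
    # select the right vhost behind the shared address.
    mode http
    server Internal_vhosts 172.16.60.12:80
```

Because `default_backend` is `pool_www`, a request for any hostname that resolves to this address but has no matching condition is served by the www server.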