Host header forwarding
-
So after all this I re-added the Port 80 Nat rule that forwards 80 back into the pfsense box and everything started working properly.
Sorry but this is not an option, I think you are messing up your firewall config with a nat for the same port you are listening on.
Remove the nat and be sure you have created a rule on wan to permit connections to port 80. Simple as that.
I've checked package installation and widget is there.
fetch it to your pfsense
on console do:cd /usr/local/www/widgets/widgets/ fetch http://www.pfsense.com/packages/config/varnish64/varnish.widget.php -
Ok I removed the NAT and kept the rule but I'm still getting 503 errors.
-
ok, good news.
the 503 erros means that varnish can't check server helth status.
you can change the probe url from "/" to a full url that you know server responds ok.
fix the widget file and you will see the backend status.
You are almost there. :)
-
The 503 error is intermittent though. It will work fine for a minute and then I get the error. Then 5 minutes later it breaks again.
-
I installed the Widget and reworked the Probe location but I still have one site that goes green and then red again and kind of bounces back and forth.
-
Varnish is a very stable solution, this intermittent error is all related to backend checks.
Check again its configuration and url used for health check.
-
Ok, everything seems to be running well now, only problem I'm having now is that authentication through this seems to be kind of touch and go. Outlook Web Access doesn't want to let me login. Any idea's what that's all about?
-
Well,
Owa is much better via https, nat 443 to owa. You do not want your domains passwords exposed.
-
I would but I need 443 for a different service.
-
I have no clue on owa with http, I have it working with https.
No sites I've published behind varnish had auth issues. :(
-
one of our customer used echange 2003 server with http and then it was ran by cookies, i don't know exactly how owa does work.
-
Ok, thanks for you help, I was able to leave owa at https and change the port on the other https service.
