Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy scenario - desperate for advise

    Scheduled Pinned Locked Moved pfSense Packages
    2 Posts 2 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cwelinder
      last edited by

      Hi,
      I'm pretty new to working with proxies, but must a working solution to a very specific scenario.
      Having looked through the major reverse proxies I would need advise on how to progress.

      Scenario is this: (pfSense as virtual machine in a vSphere cluster)
      Interfaces WAN and LAN is on same subnet.
      OPT1 run a static OpenVPN Tunnel and act as the de facto WAN-connection.

      The internal subnet hosts three production servers (two backend sql-servers, one frontend portal).
      Frontend server run PHP application for a smartphone app, with apache serving a growing number of URL:s. (Like customer-pages, admin-portal, smartphone-app login etc).

      So basically, I need to redirect to this server (no problem so far) but also pass/rewrite the path.
      sub1.domain.ltd:80  –>  192.168.10.10:80/path

      I was hoping HAProxy would handle this, but more and more I feel like I better move to Apache mod_security package with the help of mod_proxy.

      Any advise would be a real life-saver and grant best possible karma-payback :)

      side note: I'm currently running HAProxy on Synology DSM, works great! Problem is that OpenVPN client for DSM doesn't play nice with my tunnel setup :(

      1 Reply Last reply Reply Quote 0
      • P
        PiBa
        last edited by

        With haproxy you should be able to put the lines below in a 'advanced' section:

        reqrep ^([^\ :]*)\ /(.*)     \1\ /path/\2
reqirep ^Host:\ sub1.domain.ltd   Host:\ 192.168.10.10

        I think that will take care of the rewriting.. However i think the rewriting of the host is actually not a nice thing to do, i think its better to configure a virtual directory which checks the proper domain name on the webserver.

        Also read about this in the manual: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-reqrep

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.