Cannot publish subpages with HAProxy
-
Hello,
My config is like;
WAN (157.56.172.28)-> Juniper FW (192.168.1.75)-> HTTP ->MS ISA Server (192.168.1.253)-> www.test.com (192.168.1.1)
WAN (157.56.172.28)-> Juniper FW (192.168.1.75)-> HTTP ->MS ISA Server (192.168.1.253)-> www.test.com/hello/ (192.168.1.2)It's very easy to do this with ISA Server but i want to switch Pfsense. So i've installed HAProxy and i can publish www.test.com (192.168.1.1) but couldn't create correct rules for www.test.com/hello/ (192.168.1.2).
Whenever i go for www.test.com/hello/ it goes to 192.168.1.1 instead of 192.168.1.2, can someone help me how to create a correct config. for this setup?
Thanks
-
What rules did you make? Can you share the haproxy.cfg ?
-
Sorry cant do that but it wouldnt matter anyway because i have no idea how to write config for subpages. I've searched net whole day but couldn't find single example regarding this subject. So if u guys show me some example configs i think i can figure out the rest.
I've created two backends pointing port 80 to 192.168.1.1 and 192.168.1.2. Tried a to create a primary frontend with two shared frontends but no idea how to create correct ACL's to get this work.
-
Perhaps look at the native haproxy manual:
http://cbonte.github.io/haproxy-dconv/1.7/snapshot/configuration.html#7.2
The way they do it for "/images"In the haproxy package on pfSense youl need to define an acl to match /images and a usebackend action to then go to the right backend if the acl matches.
-
Has there been any progress on this I am in the same boat..
Cheers
Rich
-
If your in the same boat, then look at the same manual as linked above.. Or ask your question is a separate forum thread and i can try to help you there. Maybe i we can try and learn how to fish, instead of giving you a fish..
-
Sounds like a plan if i work it out all on my own I will defo update this Thread… ;D
Cheers
Rich
-
Reading other forums etc.. I have come up with the below config, but it does not seem to work… can anyone point out what might be wrong
Listen HAProxyLocalStats
bind 127.0.0.1:2200 name localstats
mode http
stats enable
stats admin if TRUE
stats uri /haproxy/haproxy_stats.php?haproxystats=1
timeout client 5000
timeout connect 5000
timeout server 5000frontend SHFD-merged
bind XXX.XXX.XXX.XXX:443 name XXX.XXX.XXX.XXX:443 ssl crt /var/etc/haproxy/SHFD.pem
bind 192.168.23.1:443 name 192.168.23.1:443 ssl crt /var/etc/haproxy/SHFD.pem
mode http
log global
option httplog
option http-keep-alive
option forwardfor
acl https ssl_fc
http-request set-header X-Forwarded-Proto http if !https
http-request set-header X-Forwarded-Proto https if https
timeout client 86400000
acl AURL path_end -i /Automation
use_backend Automation_Server_http_ipvANY if AURLbackend Automation_Server_http_ipvANY
mode http
log global
timeout connect 30000
timeout server 30000
retries 3
server AutoMate 192.168.23.2:8099Cheers
Rich
-
It looks like youve disabled healthchecking on the server, if you enable it for http, does the server show up 'green' on the stats page? If not some info here: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/haproxy_troubleshooting
Other than that are you sure the path 'ends' on /Automation ? For testing what curl command are you running?
Does http://192.168.23.2:8099/Automation show a (error?)response from the webserver when visited with a browser?
-
Hi PiBa,
I believe i know what might be wrong but unsure how to fix this… have change the path_end to Path_begins. but also noticed the internal path should be http://192.168.23.2:8099/* Correct me if I am wrong like you point out below it requesting the URL to http://192.168.23.2:8099/Automation internally
Do you know the best way of achieving this?
Cheers
Rich
-
on the backend i have added the following line to
"Backend pass thru"
reqrep ^([^\ :])\ /Automation/(.) \1\ /\2This seems to work is it possable to drop off the last forward slash / ?
Cheers
Rich