Netgate Discussion Forum
    Questions about haproxy

      Smoothrunnings

      @doktornotor:

      1/ Yes (never used here)
      2/ Like, SNI? Yes.
      3/ You allow WAN access to HAProxy ports. Remove any conflicting NAT rules, otherwise you'll never hit haproxy.
      4/ Huh, injecting certs?

      Perhaps start here: https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki

      What does SNI mean?

      Injecting certs: if you go to https://owa.smoothrunnings.ca/owa you will see what I mean. The SSL cert is being injected by cloudflare.com; the server itself has a self-assigned cert which you don't see. Cloudflare adds a free wildcard SSL cert to my domain; they just add some random letters and numbers to it, so it looks like t2ksa3.smoothrunnings.ca when you look at it. It's pretty cool.

        doktornotor Banned

        Ah ok, you mean SSL offloading. Yeah you can do that with HAProxy as well. (Use the ACME package to get some valid certs for HAProxy), the backend server can have whatever self-signed junk or even be HTTP only.

        Again, read the linked docs.

          Smoothrunnings

          @doktornotor:

          Ah ok, you mean SSL offloading. Yeah you can do that with HAProxy as well. (Use the ACME package to get some valid certs for HAProxy), the backend server can have whatever self-signed junk or even be HTTP only.

          Again, read the linked docs.

          I had a look at the link you posted; I have to say it looks a bit confusing. It doesn't show a real-life setup scenario. Like, let's say I want to set up HAProxy for 3 different web server services with the following IPs, public names, and ports.

          1. webmail.mydomain.com, autodiscovery.mydomain.com - Server 192.168.1.60 port 443
          2. www.mydomain.com - Server 192.168.1.25 port 80/443
          3. remove.mydomain.com - Server 192.168.1.75 port 443

          I see the IPs in the config, but no mention of where the public names live, so how does HAProxy know on a single IP Frontend that the www.mydomain.com traffic needs to be routed to the proper server?

          The folks at ISAServer.org made this kind of setup back in the day look easy, as they used a real-life example like what I just gave you. :)

          Thanks,

            doktornotor Banned

            What???

            https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/pfsense_2_3_haproxy_sni_plus_offloading_backends

            May I suggest you go re-read it a couple more times? If you still have questions after that, ask something specific about where you get stuck. Not going to rewrite what's already documented incl. pics/screenshots here.

              Smoothrunnings

              @doktornotor:

              What???

              https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki/pfsense_2_3_haproxy_sni_plus_offloading_backends

              May I suggest you go re-read it a couple more times? If you still have questions after that, ask something specific about where you get stuck. Not going to rewrite what's already documented incl. pics/screenshots here.

              Does the Expression allow only for the domain name, or can you add the URL?
              Looking at Exchange 2013, there is only one port 80 URL, http://owa.domain.com/PowerShell; it would be nice if everything else could be redirected to 443.

              Thanks,

                doktornotor Banned

                You can use path_beg (path begins) for URL. Or whatever else you need as ACL.

                  Smoothrunnings

                  @doktornotor:

                  You can use path_beg (path begins) for URL. Or whatever else you need as ACL.

                  When I use "Path starts with", do I put the URL in plus the path? Because that's what is important, so www.mydomain.com/path is what I need to create an entry for.

                  Thanks,

                    doktornotor Banned

                    https://cbonte.github.io/haproxy-dconv/1.7/configuration.html

                      Smoothrunnings

                      @doktornotor:

                      https://cbonte.github.io/haproxy-dconv/1.7/configuration.html

                      Thanks, but the "path starts with" command doesn't exist in this more defined Linux coded version. I am not a programmer I am a Windows guy so this document might as well be written in Chinese. :)

                      I guess I will have to ask a more direct question in the forum then under this thread.

                      Regards,

                        doktornotor Banned

                        It's called path_beg. Already noted above. Exists just fine.

                          Smoothrunnings

                          @doktornotor:

                          It's called path_beg. Already noted above. Exists just fine.

                          It explains what it is but not how to use it. Nor are there any examples of how it's used.

                          Thanks,

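How the host names and `path_beg` discussed above fit together, as an added example that is not from the thread, the linked wiki or the pfSense package: a raw haproxy.cfg sketch using the host names and server IPs from the earlier post. The public IP 203.0.113.10, the certificate paths, the frontend/backend names, the choice of webmail.mydomain.com for the /PowerShell rule and the port-80 listener on 192.168.1.60 are assumptions.

```haproxy
# Added example: host- and path-based routing on a single public IP.
# 203.0.113.10, all file paths and all frontend/backend names are placeholders.

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_http
    bind 203.0.113.10:80
    # hdr(host) matches the Host header; path_beg matches only the start of the URL path,
    # so the host name and the path are two separate ACLs, not one "www.mydomain.com/path" string
    acl host_mail hdr(host) -i webmail.mydomain.com
    acl path_ps   path_beg  -i /PowerShell
    # ACLs listed together are ANDed: redirect everything except webmail + /PowerShell
    http-request redirect scheme https code 301 unless host_mail path_ps
    use_backend be_mail_http if host_mail path_ps

frontend fe_https
    # TLS ends here (offloading); the certificate is picked from this directory by SNI
    bind 203.0.113.10:443 ssl crt /etc/haproxy/certs/
    acl host_mail   hdr(host) -i webmail.mydomain.com autodiscovery.mydomain.com
    acl host_www    hdr(host) -i www.mydomain.com
    acl host_remote hdr(host) -i remove.mydomain.com
    use_backend be_mail   if host_mail
    use_backend be_www    if host_www
    use_backend be_remote if host_remote
    # No default_backend: an unknown Host gets a 503 instead of reaching an internal server

backend be_mail_http
    server exch 192.168.1.60:80      # assumed plain-HTTP listener for /PowerShell

backend be_mail
    # Self-signed backend cert: trust that one cert via ca-file instead of "verify none",
    # so the re-encrypted hop to the server is still authenticated
    server exch 192.168.1.60:443 ssl verify required ca-file /etc/haproxy/backend/exch.pem

backend be_www
    server web 192.168.1.25:80

backend be_remote
    server remote 192.168.1.75:443 ssl verify required ca-file /etc/haproxy/backend/remote.pem
```

The file can be syntax-checked with `haproxy -c -f <file>` before it is loaded.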
                            Smoothrunnings

                            Just to confirm, before I apply these settings to the firewall do I need to remove the NAT policies on the FW for port 80 and 443?

                            Thanks,

                              doktornotor Banned

                              OK, hire some admin I guess.

                                Smoothrunnings

                                @doktornotor:

                                OK, hire some admin I guess.

                                Thanks for the advice…
