Redirecting Domain to internal server using Host Override and HAProxy
-
Hi All,
I have a webserver located on an internal network, and I want to redirect all queries for that webserver so that they are resolved internally without going to external DNS. Externally, my requests come into HAProxy, where I do SSL offloading before forwarding on to my internal webserver.
I set up a Host Override in DNS Resolver to point to my webserver on my internal network, which works fine, but that means that SSL offloading isn't taking place, which affects some apps I use, as they say the server certificate is untrusted when connecting internally - connecting externally is fine, obviously, as it goes via HAProxy.
Is there any way I can set up the DNS Resolver Host Override so that in some way it goes via HAProxy?
-
Point the host override to your wan-ip? (assuming it's static..)
Or perhaps use the lan-ip and make the HAProxy frontend listen there as well? (Make sure that the webgui will still be available on a different port.)
-
I started experimenting with this same setup today and ran into a similar conundrum.
I have two internal NATed subnets.
HAProxy is running on the firewall with a back-end in one of my internal networks.
Is it possible to configure the DNS Resolver (Unbound) to resolve a domain name to the interface address that the lookup came in on?
Or should I just pick one of my internal networks and have the domain resolve to that interface's address?
-
AFAIK, with DNS Resolver you will need to pick one IP to return to all clients. If you really, really want to serve different replies to different clients, that might be possible with the Bind package.
Another option could be to configure a new but different local subnet on the lo0 interface, and use those IPs for binding special services to.
-
Maybe I am overthinking it.
Do you think there would be any significant overhead with clients on subnet B accessing HAProxy running on the firewall via the interface address for subnet A?
-
There should be little to no overhead IMHO; it's not like it's going to send traffic out the WAN interface to the ISP and back when you connect to the wan-ip from the lan-net. It's still an IP local to the system, which is routed to lo0, the same for both wan-ip and lan-ip.
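-
The suggestion made earlier in the thread (a HAProxy frontend that also listens on the LAN address, with the Host Override pointing at that address) written out as a raw haproxy.cfg fragment. This is an added example, not part of any post above; the hostname, all addresses, the certificate path and the frontend/backend names are placeholders, and where HAProxy is managed through a firewall GUI the same values are entered there.

```haproxy
# Added illustration. Every address, name and path below is a placeholder.
#
# DNS side: Host Override  www.example.com -> 192.168.1.1 (firewall LAN address),
# so internal clients reach HAProxy and see the same certificate as external
# clients, instead of connecting to the web server directly.

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend www_https
    # External clients arrive on the WAN address.
    bind 203.0.113.10:443 ssl crt /path/to/www.example.com.pem

    # Internal clients arrive on the LAN address returned by the Host Override.
    # The firewall's own web GUI must first be moved off port 443 on this
    # address, otherwise the two listeners conflict.
    bind 192.168.1.1:443 ssl crt /path/to/www.example.com.pem

    # Only forward requests for the expected hostname; anything else sent to
    # the LAN listener is refused rather than passed to the internal server.
    acl is_www hdr(host) -i www.example.com
    http-request deny unless is_www

    default_backend internal_web

backend internal_web
    # TLS is terminated at HAProxy; the backend hop stays on the internal network.
    server web1 192.168.1.50:80 check
```

With more than one internal subnet, as in the later posts, the single LAN address in the Host Override is what every client receives, so firewall rules on the other subnet need to allow port 443 to that address.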