Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAproxy: 2 frontends for one backend?

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 319 Views 1 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      sgw
      last edited by

      At a customer I run a HAproxy in front of some VMs, all nice and working.
      One of the VMs runs a test server for a web application, normally this service has only to be accessible inside our "intranet" (=LAN + some sites connected via IPSEC VPNs). For this purpose I created an extra HAproxy frontend on then LAN interface of pfsense and run DNS overrides to make that work internally.

      Now an external coder has to access this VM, he is not yet competent or motivated enough to use the OpenVPN-access I created for him ... just wants plain https access (sidenote: he does not have a static IPv4 address, so plain firewalling isn't possible here).

      That means I have to switch to a frontend on the WAN NIC ... but the CEO there wants that to be toggle-able = turn the external access on and off while keeping the internal access on all the time.

      Can/should I set up a 2nd FE for that machine? If I have more than one FQDN/ACL on that FE, will it be toggle-able at all? Or is there any better way of solving this? (aside from teaching that guy to click OpenVPN-icons)

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.