    Redirecting Domain to internal server using Host Override and HAProxy

    DHCP and DNS
    • ProxyMoron

      Hi All,
      I have a webserver located on an internal network. I want to redirect all queries for that webserver so that they are resolved internally without going to external DNS.

      Externally, my requests come into HAProxy, where I do SSL offloading before forwarding on to my internal webserver.

      I set up a Host Override in DNS Resolver to point to my webserver on my internal network, which works fine, but that means that SSL offloading isn't taking place, which affects some apps I use, as they say the server certificate is untrusted when connecting internally. Connecting externally is fine, obviously, as it goes via HAProxy.

      Is there any way I can set up the DNS Resolver Host Override so that in some way it goes via HAProxy?

      • PiBa

        Point the host override to your WAN IP? (Assuming it's static.)

        Or perhaps use the LAN IP and make the HAProxy frontend listen there as well? (Make sure that the webgui will still be available on a different port.)

        • coreybrett

          I started experimenting with this same setup today and ran into a similar conundrum.

          I have two internal NATed subnets.

          HAProxy is running on the firewall with a back-end in one of my internal networks.

          Is it possible to configure the DNS Resolver (Unbound) to resolve a domain name to the interface address that the lookup came in on?

          Or should I just pick one of my internal networks and have the domain resolve to that interface's address?

          • PiBa

            AFAIK, with the DNS Resolver you will need to pick one IP to return to all clients. If you really, really want to serve different replies to different clients, that might be possible with the Bind package.
            Another option could be to configure a new but different local subnet on the lo0 interface, and use those IPs for binding special services to.

            • coreybrett

              Maybe I am overthinking it.

              Do you think there would be any significant overhead with clients on subnet B accessing HAProxy running on the firewall via the interface address for subnet A?

              • PiBa

                There should be little to no overhead IMHO. It's not like it's going to send traffic out the WAN interface to the ISP and back when you connect to the WAN IP from the LAN net. It's still an IP local to the system, which is routed to lo0, the same for both the WAN IP and the LAN IP.
