HAProxy: 2 frontends for one backend?



  • At a customer I run an HAProxy in front of some VMs, all nice and working.
    One of the VMs runs a test server for a web application; normally this service has only to be accessible inside our "intranet" (=LAN + some sites connected via IPSEC VPNs). For this purpose I created an extra HAProxy frontend on the LAN interface of pfSense and run DNS overrides to make that work internally.

    Now an external coder has to access this VM, he is not yet competent or motivated enough to use the OpenVPN-access I created for him ... just wants plain https access (sidenote: he does not have a static IPv4 address, so plain firewalling isn't possible here).

    That means I have to switch to a frontend on the WAN NIC ... but the CEO there wants that to be toggle-able = turn the external access on and off while keeping the internal access on all the time.

    Can/should I set up a 2nd FE for that machine? If I have more than one FQDN/ACL on that FE, will it be toggle-able at all? Or is there any better way of solving this? (aside from teaching that guy to click OpenVPN-icons)