Reverse Proxy just goes to last in list



  • I have haproxy running with my intention of using different DNS names to route to different places with prompting for authentication using SSL certs controlled by pfsense. Here's my setup:

    photo.<name>: No authentication with SSL. Works fine.
    myth.<name>: Authentication with SSL. Backend: 10.0.1.1:80
    foo.<name>: Authentication with SSL. Backend: 10.0.1.2: 8080
    bar.<name>: Authentication with SSL. Backend: 10.0.1.3: 9090

    What happens is that photo.<name> works fine and doesn't prompt for authentication. Myth, foo, and bar prompt for authentication. But if I enter "myth.<name>" or "foo.<name>", or "bar.<name>", they all get redirected to bar.

    I'm very new to haproxy and trying to figure out how I can direct myth, foo, and bar to .1, .2, and .3. I have everything working good with authentication and no auth...just getting hung up on the redirection part. Also, in the configs, I have the "name, expression, and value" as "myth, server name indication tls matches: myth.<name>" for each name.

    If anybody can offer some help on what to check it would be greatly appreciated. Thanks!



  • @qwerty123
    Can you post the haproxy.cfg from bottom of settings tab? I can probably spot where it might have went the wrong path with that.



  • Thanks for the response. I've been messing around with it a bit more this-morning and think I figured it out. I set everything up a year or so ago and forgot a lot of how I did it. I have haproxy listening to 443 then taking some SNI's and sending them to the auth sub-proxy area and others getting sent to the regular ssl (unauth) sub-proxy frontend place. In the sub-proxy front-ends, I have one listening to say :2044 and had shared frontends clicked. In that subsection, I had the redirection to the backend.

    I resolved it by getting rid of the :2044 shared frontend and using a custom acl backend set to "ssl_fc_sni_reg myth.<name>".

    I think my problem was I had a shared frontend setup, for whatever reason, and now it's working fine. I'm no haproxy expert; just a beginner, but I hope this may shed some light into somebody else's problem.