Netgate Discussion Forum
    Reverse Proxy just goes to last in list

      qwerty123

      I have haproxy running with the intention of using different DNS names to route to different places, with prompting for authentication using SSL certs controlled by pfSense. Here's my setup:

      photo.<name>: No authentication with SSL. Works fine.
      myth.<name>: Authentication with SSL. Backend: 10.0.1.1:80
      foo.<name>: Authentication with SSL. Backend: 10.0.1.2:8080
      bar.<name>: Authentication with SSL. Backend: 10.0.1.3:9090

      What happens is that photo.<name> works fine and doesn't prompt for authentication. Myth, foo, and bar prompt for authentication. But if I enter "myth.<name>", "foo.<name>", or "bar.<name>", they all get redirected to bar.

      I'm very new to haproxy and trying to figure out how I can direct myth, foo, and bar to .1, .2, and .3. I have everything working well with authentication and no auth... just getting hung up on the redirection part. Also, in the configs, I have the "name, expression, and value" as "myth, server name indication tls matches: myth.<name>" for each name.

      If anybody can offer some help on what to check it would be greatly appreciated. Thanks!

        PiBa

        @qwerty123
        Can you post the haproxy.cfg from the bottom of the settings tab? I can probably spot where it might have gone down the wrong path with that.

          qwerty123

          Thanks for the response. I've been messing around with it a bit more this morning and think I figured it out. I set everything up a year or so ago and forgot a lot of how I did it. I have haproxy listening to 443, then taking some SNIs and sending them to the auth sub-proxy area, and others getting sent to the regular ssl (unauth) sub-proxy frontend place. In the sub-proxy frontends, I have one listening to say :2044 and had shared frontends clicked. In that subsection, I had the redirection to the backend.

          I resolved it by getting rid of the :2044 shared frontend and using a custom acl backend set to "ssl_fc_sni_reg myth.<name>".

          I think my problem was I had a shared frontend set up, for whatever reason, and now it's working fine. I'm no haproxy expert, just a beginner, but I hope this may shed some light on somebody else's problem.

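The SNI-to-backend mapping described in the thread, written out as an haproxy.cfg fragment. This is an added example, not the poster's configuration or output generated by the pfSense package. It assumes `example.com` in place of `<name>`; the frontend and backend names, bind address, and certificate paths are placeholders.

```haproxy
# Constructed example. example.com stands in for <name>; the section names,
# bind address and certificate paths are placeholders, not values from the thread.

frontend auth_https
    mode http
    # TLS is terminated here and a client certificate is required, so every
    # name routed from this frontend prompts for authentication.
    bind :443 ssl crt /path/to/server.pem ca-file /path/to/client-ca.pem verify required

    # One ACL per hostname, matched exactly (case-insensitive) against the SNI
    # presented in the TLS handshake.
    acl sni_myth ssl_fc_sni -i myth.example.com
    acl sni_foo  ssl_fc_sni -i foo.example.com
    acl sni_bar  ssl_fc_sni -i bar.example.com

    # Each use_backend is tied to its own ACL. Rules are evaluated in order and
    # the first one whose condition is true selects the backend.
    use_backend be_myth if sni_myth
    use_backend be_foo  if sni_foo
    use_backend be_bar  if sni_bar

    # No default_backend on purpose: a request whose SNI matches none of the
    # ACLs gets a 503 instead of landing on an authenticated service.

backend be_myth
    mode http
    server myth 10.0.1.1:80

backend be_foo
    mode http
    server foo 10.0.1.2:8080

backend be_bar
    mode http
    server bar 10.0.1.3:9090

# Regex variant, as used in the thread's resolution. ssl_fc_sni_reg performs an
# unanchored regex search and "." matches any character, so anchor the pattern
# and escape the dots if only this exact hostname should match:
#     acl sni_myth ssl_fc_sni_reg -i ^myth\.example\.com$
```

Running `haproxy -c -f <file>` validates the syntax before the configuration is loaded.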