    Reverse proxy (HAProxy) with permanent OpenVPN Tunnel

      Stimpy68

      Hi Guys,

      I have some problems configuring HAProxy to use the OpenVPN tunnel I have. A bit of explanation:

      Interfaces:

      • LAN
      • WAN, connected to my cable modem DHCP
      • VPN, tunnel to hosting provider that hosts my domain name

      Because I want to have a fixed IP address on my domain name I use the VPN tunnel; my ISP also doesn't allow running servers and blocks most ports (mainly mail server ports).

      I used this tutorial to get Acme working: https://youtu.be/5Frn96oADOU

      It works, but... when connecting to my domain name on port 80 I see the "Maintenance" error page mentioned in the tutorial, so that's supposed to happen. When I connect through the WAN interface I also get the same page...

      The listening address in the frontend is set to "any" port 80 (I couldn't get it to work otherwise), and I have a FW rule: Source any, Port any, Destination VPN address, Interface VPN.

      Is there anything I missed or misconfigured?

        PiBa @Stimpy68

        @Stimpy68
        Sounds seemingly fine... but for sure I'm not gonna watch a 30 minute video that surely won't show what step you might have missed..

        So what 'maintenance' page are you getting? One from haproxy or from your actual website? What does it look like?

        Can you share the haproxy.cfg from the bottom of the settings tab of the haproxy package? Are stats configured? Does the webserver show as 'up'?

          Stimpy68

          I got it working, used the virtual IP address of the VPN tunnel. Now the response only goes through the tunnel. So that issue is solved.

            Stimpy68

            Okay, got it all working now, including SSL offloading. Only one thing I want to accomplish. I run a mail server suite (MailCow); when you go to mail.mydomain.net you land on the admin page and not the webmail client, that's on /webmail. Is there any way to do this in HAProxy? And of course, how? ;-)

              PiBa @Stimpy68

              @Stimpy68
              Try and put this setting in the frontend under "Advanced settings" in the textbox for "Advanced pass thru":

              http-request redirect location /webmail unless { path -i -m reg "^/webmail" }
              
                Stimpy68

                @PiBa Thanks! I first placed it in the frontend, but then all my backend servers went to /webmail. I put it in actions in the backend server for my mailserver and it works like a charm!

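The two fixes reached in this thread, written out as a raw haproxy.cfg sketch. This is an added example, not configuration posted by either participant or generated by the pfSense package. The address 10.8.0.2 (standing in for the VPN virtual IP), the backend names, and the server addresses are constructed placeholders; only mail.mydomain.net and the redirect rule come from the posts above.

```haproxy
# Added example; names and addresses are constructed placeholders.
# 10.8.0.2 stands in for the virtual IP on the VPN interface.

frontend vpn_http
    mode http
    # Bind to the VPN virtual IP only, not "any" (0.0.0.0), so the
    # frontend does not also answer on the WAN and LAN addresses.
    bind 10.8.0.2:80

    # Route by Host header. A redirect placed in this frontend with
    # no host condition applies to every site served through it.
    acl host_mail hdr(host) -i mail.mydomain.net
    use_backend mailcow_be if host_mail
    default_backend other_sites_be

    # Frontend-level alternative (commented out): the same redirect,
    # limited to the mail hostname by the host_mail ACL.
    # http-request redirect location /webmail if host_mail !{ path_beg -i /webmail }

backend mailcow_be
    mode http
    # The rule from the thread, scoped to the mail backend only:
    # any request path not starting with /webmail goes to /webmail.
    http-request redirect location /webmail unless { path -i -m reg "^/webmail" }
    server mailcow 192.168.1.20:8080 check

backend other_sites_be
    mode http
    # No redirect here, so these sites keep their own paths.
    server web1 192.168.1.30:80 check
```

With this rule every path outside /webmail on the mail backend is redirected, so the admin page at the root of that hostname is no longer reachable through the proxy.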