website name resolution
-
Hi,
I installed pfsense together with haproxy. At the moment I’m only using the lan connection for testing purposes. Accessing websites via haproxy works so far. As soon as I try to access websites on shared web servers it always ends up on the index ... file of the server. I don't get the website I want to access. Is there a way to include the name of the desired website in haproxy?
-
@stefan-bendler you sure the client is sending it? Or is it hitting an IP and port?
This would be the directive you could use to send a host header to your backend
https://cbonte.github.io/haproxy-dconv/2.6/configuration.html#4.2-http-send-name-header
But testing with one of mine, I see that it is sent - because the client actually sent it.. Or you doing something that would strip it?
Sniffing on the lan interface while I have a client hit the fqdn that points to my public IP, I see the traffic sent by haproxy to my backend, and the host header is included.
-
@johnpoz said in website name resolution:
@stefan-bendler you sure the client is sending it? Or is it hitting an IP and port?
This would be the directive you could use to send a host header to your backend
https://cbonte.github.io/haproxy-dconv/2.6/configuration.html#4.2-http-send-name-header
But testing with one of mine, I see that it is sent - because the client actually sent it.. Or you doing something that would strip it?
Sniffing on the lan interface while I have a client hit the fqdn that points to my public IP, I see the traffic sent by haproxy to my backend, and the host header is included.
The client isn't sending it in my test cases. I do it by opening the IP address and the port of the pfsense server. Where do I set this value within the pfsense/haproxy desktop, when using an SSL connection? I looked through all options and haven't found it.
-
@stefan-bendler said in website name resolution:
The client isn't sending it in my test cases. I do it by opening the IP address and the port of the pfsense server.
If the client isn't sending the host header, I'm wondering how your backend server would be able to determine, which site the client wants to see without HAproxy.
If it's an HTTP client he should put the desired host into the host header. Without this information, the server or even HAproxy can only provide a single website on a single IP-port combination.
Where do I set this value within the pfsense/haproxy desktop
You can state the host name in the backend instead of its IP.
However, consider that pfSense must be able to resolve it to the correct local IP.
-
@viragomann that is not going to add the host header info to what gets asked of the client.
Your client needs to ask for the fqdn you're looking for if you want to serve up some virtual website, ie via host headers. Or how would the httpd know what to serve up?? Or it's just going to serve up whatever is default for that port..
Per the directive I linked to - you could add it so the httpd knows what you're looking for.
But the correct solution is to have the client actually ask for what it's looking for.. Use the actual fqdn you're wanting to access vs just IP and port..
Or change your httpd to service up siteA when on port X, and site B when hit on port Y, etc. If you're wanting to use just IP and port.
But one of the nice things about using haproxy, is if going to say something.domain.tld get sent to IP:port, and when asking for otherthing.otherdomain.tld you get sent to otherIP:otherPort, etc.
Are you looking to not send it on if just asking for IP:port - I do this on mine, because it keeps say just bots trying to connect to IP:port from actually going anywhere, this is strict sni setting in haproxy.
So for example if you just hit my public IP and 443 from the internet you get this you get nothing.
I am using ssl offload, so haproxy handles the ssl stuff, and just talks to my httpd serving up overseerr on the IP and port, but as you can see from my above screenshot the host header is sent with the full name.. because the client actually asked for it.
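The host-based routing, SSL offload and strict SNI behaviour described in the post above, written as a haproxy.cfg fragment. This is an added example, not the poster's configuration or pfSense's generated file; the frontend, backend and server names, the addresses and the certificate path are placeholders.

```haproxy
# Added example: all names, addresses and paths below are placeholders.
frontend fe_https
    mode http
    # strict-sni: the TLS handshake fails unless the client sends an SNI that
    # matches a certificate in the crt directory. A client that connects to the
    # bare IP:port sends no matching SNI, so it never reaches any backend.
    bind :443 ssl crt /etc/haproxy/certs/ strict-sni

    # Route on the Host header the client actually sent.
    acl host_something  hdr(host) -i something.domain.tld
    acl host_otherthing hdr(host) -i otherthing.otherdomain.tld
    use_backend be_something  if host_something
    use_backend be_otherthing if host_otherthing
    # No default_backend on purpose: a request whose Host matches neither ACL
    # gets HAProxy's 503 instead of the web server's default site.

# SSL offload: HAProxy terminates TLS and speaks plain HTTP to the backends.
# The client's Host header is passed through unchanged.
backend be_something
    mode http
    server web1 192.0.2.10:8080

backend be_otherthing
    mode http
    server web2 192.0.2.20:8081
```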
-
@johnpoz said in website name resolution:
@viragomann that is not going to add the host header info to what gets asked of the client.
Aha, I assumed that this HAproxy would implement it as host header. Didn't ever use a host name in the backend.