Hello guys, I want to put multiple domains behind one public IP, so I have to use a reverse proxy. I’m combining pfSense 2.4.4 with HAProxy.

Here’s what I’ve got:

  • WordPress Webserver, domain.ch
  • WordPress Webserver, otherdomain.ch
  • Nextcloud 14, sub.domain.ch

First, install the HAProxy package

——————————————————————————————————-

Create the needed Firewall rules

——————————————————————————————————-

Enable HAProxy

——————————————————————————————————-

Configure the stats port

——————————————————————————————————-

Create your backends

——————————————————————————————————-

Backend overview for wordpress webserver

——————————————————————————————————-

Backend overview for nextcloud webserver
Change the timeout and health check method

——————————————————————————————————-

Here is the frontend overview

——————————————————————————————————-

Configure the external IP and port

——————————————————————————————————-

Frontend type is http/https(offloading)

——————————————————————————————————-

Create the frontend ACLs – type each domain

——————————————————————————————————-

Create the frontend actions – Connect each ACL with the correct backend webserver

——————————————————————————————————-

Control the stats – each server needs to be up

——————————————————————————————————-

Here’s the needed WordPress config

——————————————————————————————————-

Here’s the needed Nextcloud config
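
The frontend ACLs, actions and backends from the steps above, written out as the kind of haproxy.cfg they correspond to. This is an added example, not the configuration generated by the author's pfSense box; the bind address, certificate path, backend addresses, section names, timeouts and stats port are assumptions.

```haproxy
# Added example: names, addresses and the certificate path are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend shared_https
    # "Configure the external IP and port", type http/https (offloading)
    bind 203.0.113.10:443 ssl crt /path/to/certs.pem   # placeholder IP and path

    # "Create the frontend ACLs": one Host match per domain
    acl host_domain     hdr(host) -i domain.ch
    acl host_other      hdr(host) -i otherdomain.ch
    acl host_nextcloud  hdr(host) -i sub.domain.ch

    # Refuse any Host header that is not one of the published sites
    http-request deny unless host_domain or host_other or host_nextcloud

    # TLS ends at the proxy, so pass the original scheme to the backends
    http-request set-header X-Forwarded-Proto https

    # "Create the frontend actions": connect each ACL to its backend
    use_backend wp_domain  if host_domain
    use_backend wp_other   if host_other
    use_backend nextcloud  if host_nextcloud
    # no default_backend on purpose: unknown hosts never reach a server

backend wp_domain
    server wp1 10.0.0.11:80 check      # constructed address

backend wp_other
    server wp2 10.0.0.12:80 check      # constructed address

backend nextcloud
    # The post changes the timeout and health check method for this backend;
    # the values are not shown there, so 300s is an assumption.
    timeout server 300s
    server nc1 10.0.0.13:80 check      # constructed address

listen stats
    bind 127.0.0.1:2200     # assumed port, reachable only from the firewall itself
    stats enable
    stats uri /
```

Without a default backend and with the explicit deny, a request whose Host header matches none of the three ACLs is rejected at the proxy instead of being forwarded to one of the web servers.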


3 Comments

visvic · 2. April 2019 at 23:11

Hello,

Sorry for my bad English, I’m French.

Thanks a lot for the tuto, but something hurts me :s, the interface of the router is totally naked on the internet.

When opening ports one is already vulnerable, but then with the router interface, goodbye security.

Do you have a solution to this?

Thank you in advance friend, see you later

Octavio Rodriguez · 14. May 2019 at 18:03

Hi Tobias,

Thanks for your very nice write-up about configuring HAProxy. I have a use case where a WebService is listening under http:/Interface/name/execute, is it possible to use HAProxy to redirect requests to name.ddns.net to always be redirected to this WebService?

So if my client performs a request to http://name.ddns.net that request should be passed to this web service on 192.168.1.20/interface/name/execute. I’ve tried the following config:

Backend:
Server List | Mode:Active, Name:BackendService, ForwardTo: Address+POrt, Address: 192.168.1.20, Port:80
ACL | Name: BackendACL, Expression: Host Matches, Value: name.ddns.net
Actions | Action: http-request set path | Params: fmt:/interface/name/execute | Condition: BackendACL

Frontend:
Listen Address: WAN Port: 80
ACL | Name: WebService, Expression: Host matches: name.ddns.net
Actions | Use Backend: BanendService
Default Backend: Backend Service

Any pointers will be greatly appreciated!

Thanks

    Tobias Moor · 16. July 2019 at 16:15

    Hello Octavio, sorry for the late reply. I will have a look at your configuration at the weekend and will give you some feedback – if you still need it.
