Hello guys, i want to put multible domains behind one public ip, so i have to use a reverse proxy. I’m combining pfsense 2.4.4 with the HAproxy. 

Here’s what i’ve got:

  • WordPress Webserver, domain.ch
  • WordPress Webserver, otherdomain.ch
  • Nextcloud 14, sub.domain.ch

First, install the HAproxy package


——————————————————————————————————-

Create the needed Firewall rules

——————————————————————————————————-

Enable the HAproxy

——————————————————————————————————-

Configure the stats port

——————————————————————————————————-

Create your backends

——————————————————————————————————-

Backend overview for wordpress webserver

——————————————————————————————————-

Backend overview for nextcloud webserver
Change the timeout and health check method

——————————————————————————————————-

Here is the frontend overview

——————————————————————————————————-

Configure the external IP and port

——————————————————————————————————-

Frontend type is http/https(offloading)

——————————————————————————————————-

Create the frontend ACLs – type each domain

——————————————————————————————————-

Create the frontend actions – Connect each ACL with the correct backend webserver

——————————————————————————————————-

Control the stats – each server needs to be up

——————————————————————————————————-

Heres the needed wordpress config

——————————————————————————————————-

Hers the needed nextcloud config


3
Leave a Reply

avatar
2 Comment threads
1 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
3 Comment authors
Tobias MoorOctavio Rodriguezvisvic Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
visvic
Guest
visvic

Hello,

Sorry for my bad english, i’m French.

Thanks a lot for tuto, but something hurts me :s, the interface of the router is totally naked on the internet.

When opening ports one is already vulnerable, but then with router interface, goodbye security.

do you have a solution to this?

thank you in advance friend, see you later

Octavio Rodriguez
Guest
Octavio Rodriguez

Hi Tobias, Thanks for your very nice write up about configuring HAProxy. I’ve a use case were a WebService is listening under http:/Interface/name/execute, is it possible to use HAProxy to redirect requests to name.ddns.net to be always redirect to this WebService? So if my client performs a request to http://name.ddns.net that request should be passed to this web service on 192.168.1.20/interface/name/execute. I’ve tried the following config: Backend: Server List | Mode:Active, Name:BackendService, ForwardTo: Address+POrt, Address: 192.168.1.20, Port:80 ACL | Name: BackendACL, Expression: Host Matches, Value: name.ddns.net Actions | Action: http-request set path | Params: fmt:/interface/name/execute | Condition: BackendACL Frontend: Listen… Read more »

Tobias Moor
Guest
Tobias Moor

Hello Octavio, sorry for the late reply. I will have a look at your configuration at the weekend and will give you some feedback – if you still need it.