Bind 443 to multiple backends based on dummy paths

@dinosauriecito wrote:

Hi! I am new to the forum and after learning and searching a lot in Google is I come up here because I wasn’t able to achive the challenge I am going to explain. Before I start, I started to use Haproxy a few months ago and even though I read a lot about proxy pass, forward and redirect, I think I still don’t understand them enough so I will explain with a diagram I made for the case and my words:

haproxy_forum.png1052x537 40.6 KB

So the thing is I want to connect to my home several services(cameras, nextcloud and others) through only port 443 by diferentiating them through dummy paths (I mean by dummy paths, non existing paths).

The reason for this is that lot of outside internet conections have strong firewalls and port 443 is the only port I can use to connect to my home network. I have Openvpn but I can’t ask everyone to use my vpn to connect to a service.

So after some work, I come up with something that seems is on the way but still lacks something:

frontend rules_443_ssl2
bind *:443 ssl crt my_cert.pem
mode tcp
tcp-request inspect-delay 3s
tcp-request content accept if { req.ssl_hello_type 1 }

    use_backend cam1 if { url_beg /cam1 }
    use_backend cam2 if { url_beg /cam2 }
    use_backend nextcloud  if { url_beg /nextcloud }
default_backend tcp_ovpn

backend cam1
mode http
option forwardfor
option http-server-close
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-request set-path %[path,regsub(^/cam1/?,/)] if { path /cam3 } or { path_beg /cam1/ }
server ipcam 192.168.0.147:8081 check fall 3 rise 2 maxconn 50

backend cam2
(similar to 1)

backend nextcloud
mode http
http-request set-path %[path,regsub(^/nextcloud/?,/)] if { url_beg /nextcloud } or { path_beg /nextcloud }
#reqrep ^([^\ ]\ /)nextcloud[/]?(.) \1\ \2
server nextcloud 127.0.0.1:8084 ssl verify none

backend tcp_ovpn
mode tcp
option ssl-hello-chk
server ovpn 127.0.0.1:1194 maxconn 50

So when I test it this is what happens:

1. From my computer’s web browser I type: https://home_IP/cam1
2. I get: https://home_IP/main.htm
   
   image.png885x345 18.6 KB

When I see haproxy log I can see that 1) hits the correct backend(camera 1) but when the backend camera redirects me to its login pagem It doesn’t add the “cam1/login.htm” dummy path and instead sends my directly to “login.htm” and thus I end up in the Openvpn backend which is the default.

So If I type: https://home_IP/cam1/main.htm I reach the camera login but if I login I still get this error.

Thanks in advance!

Posts: 1

Participants: 1

Read full topic