@Brizoo wrote:
Hi community,
I’m trying to build an HAProxy setup to make some LAN servers available from the outside. The majority are HTTP/HTTPS ports to forward, but I also have some TCP ports to forward.
I have this basic setup in place and working:
The HAProxy server is in my DMZ; I have a firewall between WAN <-> DMZ and DMZ <-> LAN. Servers are in the LAN. The goal here is to go further and enhance my configuration as well as fix bugs I have. Currently all HTTPS redirects are working fine, but not TCP. I also have a problem identifying my sources correctly. For example, if I have two different sources to redirect to two different backends but on the same port (this is the case with 8443, I need to add a new backend on 8443), I’m not able to tell the difference between them and redirect them to the right backend.
Servers and ports that need to be accessed from outside:
- ITAM1 TCP: 8027 HTTPS: 8383 8022 8020 8021 8443 8444 8031
- ITAM2 HTTPS: 8443
- ITSM TCP: 9000 HTTPS: 443
- AV TCP: 8013 8014
- OTHER HTTPS: 8085 9443
My configuration file looks like this so far. This is my first time using HAProxy and the conf I have done is really basic. Please be indulgent!
```
global
    maxconn 4096
    user haproxy
    group haproxy
    daemon
    # Default SSL material locations
    #ca-base /etc/ssl/certs
    # tune & ssl params to force diffie-hellman defaults, disallow most tls/poodle attacks, and restrict binders to secure ciphers
    #tune.ssl.default-dh-param 4096
    #ssl-default-bind-options no-sslv3 no-tls-tickets
    #ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:EECDH+AES

defaults
    mode tcp
    log 127.0.0.1 local0 notice
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend tcpServers
    bind *:8013
    bind *:8014
    bind *:8027
    bind *:8383
    bind *:8022
    bind *:8020
    bind *:8021
    bind *:8443
    bind *:8444
    bind *:8031
    bind *:443
    bind *:9000
    bind *:8085
    bind *:9443
    #bind *:443 ssl crt /etc/haproxy/certs/ no-sslv3

    # ACL by port
    acl tcp_8013 dst_port 8013
    acl tcp_8014 dst_port 8014
    acl tcp_8027 dst_port 8027
    acl https_8383 dst_port 8383
    acl http_8022 dst_port 8022
    acl https_8020 dst_port 8020
    acl https_8021 dst_port 8021
    acl https_8443 dst_port 8443
    acl https_8444 dst_port 8444
    acl https_8031 dst_port 8031
    acl https_443 dst_port 443
    acl tcp_9000 dst_port 9000
    acl http_8085 dst_port 8085
    acl https_9443 dst_port 9443

    tcp-request inspect-delay 5s

    # Routing rules: the port ACLs above only take effect once a use_backend
    # line references them (they were declared but never used).
    use_backend fortiemstcp8013 if tcp_8013
    use_backend fortiemstcp8014 if tcp_8014
    use_backend itamtcp8027 if tcp_8027
    use_backend itamhttps8383 if https_8383
    use_backend itamhttp8022 if http_8022
    use_backend itamhttps8020 if https_8020
    use_backend itamhttps8021 if https_8021
    use_backend itamhttps8443 if https_8443
    use_backend itamhttps8444 if https_8444
    use_backend itamhttps8031 if https_8031
    use_backend supportcenterhttps443 if https_443
    use_backend supportcentertcp9000 if tcp_9000
    use_backend assetshttp8085 if http_8085
    use_backend assetshttps9443 if https_9443

# Start SSL Passthrough Backend #
backend fortiemstcp8013
    server fortiems X.X.X.X:8013

backend fortiemstcp8014
    server fortiems X.X.X.X:8014

backend itamtcp8027
    server itam X.X.X.X:8027

backend itamhttps8383
    server itam X.X.X.X:8383

backend itamhttp8022
    server itam X.X.X.X:8022

backend itamhttps8020
    server itam X.X.X.X:8020

backend itamhttps8021
    server itam X.X.X.X:8021

backend itamhttps8443
    server itam X.X.X.X:8443

backend itamhttps8444
    server itam X.X.X.X:8444

backend itamhttps8031
    server itam X.X.X.X:8031

backend supportcenterhttps443
    server supportcenter X.X.X.X:443

backend supportcentertcp9000
    server supportcenter X.X.X.X:9000

backend assetshttp8085
    server assets X.X.X.X:8085

backend assetshttps9443
    server assets X.X.X.X:9443
```
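The 8443 problem described in the post (ITAM1 and ITAM2 both reachable on the same port) cannot be solved with `dst_port` ACLs, because both connections arrive on the same destination port. With SSL passthrough (`mode tcp`, no certificate on the bind), the one piece of per-request information still visible in cleartext is the TLS SNI name in the ClientHello, and HAProxy can route on it. The following fragment is an added example, not the poster's configuration: the hostnames `itam1.example.com` and `itam2.example.com`, the backend addresses and the backend names are assumptions to be replaced with real values.

```haproxy
# Added example: route two hosts sharing port 8443 by TLS SNI under SSL passthrough.
# Hostnames, addresses and backend names below are placeholders (assumptions).

frontend https_8443
    mode tcp
    bind *:8443
    # Hold the connection (at most 5s) until the ClientHello has arrived so
    # that the SNI field can be inspected; without this, req.ssl_sni is empty.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # Any connection that never sends a TLS ClientHello (plain TCP, a
    # scanner, a broken client) is refused instead of being forwarded.
    tcp-request content reject

    # Match on the server name the client asked for, not on the port.
    acl sni_itam1 req.ssl_sni -i itam1.example.com
    acl sni_itam2 req.ssl_sni -i itam2.example.com
    use_backend itam1_8443 if sni_itam1
    use_backend itam2_8443 if sni_itam2
    # No default_backend on purpose: an unknown SNI gets no backend and is closed.

backend itam1_8443
    mode tcp
    server itam1 192.0.2.10:8443

backend itam2_8443
    mode tcp
    server itam2 192.0.2.11:8443
```

Two caveats worth knowing. SNI is sent by the client and is not authenticated, so it is a routing hint only; with passthrough the backend still terminates TLS with its own certificate, which is what actually proves the identity of the server the client reached. And plain TCP ports (8027, 9000, 8013, 8014 in the post) carry no SNI, so for those the only distinguishing attributes available at the TCP layer are the destination port and the client address (`src` ACLs); if two plain-TCP services must share one external port, a second public IP or a different port is the usual answer. Deliberately omitting `default_backend` means the frontend fails closed, which is the behaviour you want on a DMZ-facing listener.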