@white_rabbit wrote:
Hi.
I tried to install HAProxy on our OPNSense-FW and found a step-by-step-instruction…
now some things are working while others don't. I can't find the mistake – maybe one of the wizzzards here?

I have a DMZ with 172.17.17.0/24 and OPNSense on .254.
I used two virtual devices: 172.17.17.252 and .253 and as a Test-Server 172.17.17.5 (later for nextcloud).

When I use
http(s)://nextcloud2.linux.my-domain.com
in my LAN everything works fine. The apache2 answers correctly for Port 80 and 443. So I guess the configuration is ok?

I also already set a CNAME to *.linux.my-domain.com on our external Server (my-domain.com) and a port forwarding for 80 and 443 to the WAN-IP of the OPNSense.
So
ping nextcloud2.linux.my-domain.com
works everywhere.

Nevertheless I can't access the nextcloud-Host behind the Rev.Proxy from my DMZ, WAN or from outside.
Can anyone tell me what's wrong or missing?
DMZ: HTTP/1.1 301 Moved Permanently
WAN: No route to host.

Thanks for a hint.
#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    # NOTE: Could be a security issue, but required for some feature.
    uid 80
    gid 80
    chroot /var/haproxy
    daemon
    stats socket /var/run/haproxy.socket level admin
    nbproc 1
    nbthread 1
    tune.ssl.default-dh-param 1024
    spread-checks 0
    tune.chksize 16384
    tune.bufsize 16384
    tune.lua.maxmem 0
    log /var/run/log local0 info

defaults
    log global
    option redispatch -1
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3

# autogenerated entries for ACLs

# autogenerated entries for config in backends/frontends

# autogenerated entries for stats

# Frontend: http_DMZ_WAN (internal and external http)
frontend http_DMZ_WAN
    bind 172.17.17.252:80 name 172.17.17.252:80
    bind 172.17.17.253:80 name 172.17.17.253:80
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    # ACL: find_acme_challenge
    acl acl_45e5bfd9525e2e7.18783878 path_beg -i /.well-known/acme-challenge/
    # ACL: Nextcloud_Bedingung
    acl acl_5ebafdd99a40d7.14505678 hdr_end(host) -i nextcloud2.linux.my-domain.com

    # ACTION: redirect_acme_challenges
    use_backend acme_challenge_backend if acl_45e5bfd9525e2e7.18783878
    # ACTION: Nextcloud
    use_backend Nextcloud_Backend if acl_5ebafdd99a40d7.14505678

# Frontend: https_DMZ_WAN (internal and external https)
frontend https_DMZ_WAN
    bind 172.17.17.252:443 name 172.17.17.252:443 ssl crt-list /tmp/haproxy/ssl/4baf2ad81dea1.61416316.certlist
    bind 172.17.17.253:443 name 172.17.17.253:443 ssl crt-list /tmp/haproxy/ssl/4baf2ad81dea1.61416316.certlist
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    # ACL: Nextcloud_Bedingung
    acl acl_5ebafdd99a40d7.14505678 hdr_end(host) -i nextcloud2.linux.my-domain.com

    # ACTION: Nextcloud
    use_backend Nextcloud_Backend if acl_5ebafdd99a40d7.14505678

# Frontend: https_DMZ (internal https)
frontend https_DMZ
    bind 172.17.17.253:443 name 172.17.17.253:443 ssl crt-list /tmp/haproxy/ssl/5dbaf62c571809.61471992.certlist
    mode http
    option http-keep-alive
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options

# Backend: Nextcloud_Backend (Nextcloud_Backend)
backend Nextcloud_Backend
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    # ACL: not-SSL
    acl acl_5dbaf90c2d38c3.66671068 req.proto_http
    # ACTION: redirect_SSL
    http-request redirect scheme https code 301 if acl_5dbaf90c2d38c3.66671068
    http-reuse safe
    server nextcloud_Host 172.17.17.5:443

# Backend: acme_challenge_backend (Added by Let's Encrypt plugin)
backend acme_challenge_backend
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m
    stick on src
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server acme_challenge_host 127.0.0.1:43580