Hi all,
I have haproxy 2.0 running on an OpenWRT router (192.168.1.1) with several dockerized servers being served by different domains via a dockerized NGINX available at 192.168.1.106:9443
The servers are available at:
cucumber.mydomain.com > 192.168.1.106:1001
carrot.mydomain.com > 192.168.1.106:1002
apple.mydomain.com > 192.168.1.106:1003
The certificates are served by the NGINX and would like to keep it like that, with haproxy used in passthrough mode for “split dns” functionality.
I have port forwarding on OpenWRT external :443 to internal :9443 to the NGINX.
I can perfectly reach all my servers from outside and also from inside, but the moment I cut the internet, I cannot reach them anymore from inside.
My goal is to be able to reach the servers by the domain even when there is no internet, but I cannot make it work. I have enabled tcp mode for passthrough as per the below config, but no joy. Stats show no matches to backend just the front-end:
Global parameters
global
log stdout local0 debug
maxconn 5000
ulimit-n 65535
uid 0
gid 0
daemon
nosplice
debug
defaults
timeout connect 5000
mode tcp
option tcplog
log global
timeout client 2000000
timeout server 2000000
frontend stat_page
bind *:8444 ssl crt /etc/ssl/private/haproxy/haproxy.pem
mode http
option tcplog
stats enable
stats uri /stats
stats realm HA_Stats
stats auth admin:admin
frontend main_https_listen
bind 192.168.1.1:443
mode tcp
acl cucumber hdr(host) -i cucumber.mydomain.com
tcp-request inspect-delay 5s
use_backend bk_cucumber if cucumber
backend bk_cucumber
mode tcp
timeout connect 5000
timeout server 30000
server server1 192.168.1.106:9443 check
listen local_health_check
bind :60000
mode health
Thanks for your input!
3 posts - 2 participants