Hi.
I tried to install HAProxy on our OPNSense-FW and found a step-by-step-instruction…
now some things are working while others dont. I cant’ find the mistake – maybe one of the wizzzards here?
I have a DMZ with 172.17.17.0/24 and OPNSense on .254
I used two virtual devices: 172.17.17.252 and .253 and as a Test-Server 172.17.17.5 (later for nextcloud)
When I use http(s)://nextcloud2.linux.my-domain.com in my LAN everything works fine. The apache2 answers correctly for Port 80 and 443. So I guess the configuration is ok?
I also already set a CNAME to *.linux.my-domain.com on our external Server (my-domain.com) and a port forwading for 80 and 443 to the WAN-IP of the OPNSense.
So ping nextcloud2.linux.my-domain.com works everywhere.
Nevertheless I can’t access the nextcloud-Host behind the Rev.Proxy from my DMZ, WAN or from outside.
Can anyone tell me what’s wrong or missing?
DMZ: HTTP/1.1 301 Moved Permanently
WAN: No route to host.
Thanks for a hint.
#
# Automatically generated configuration.
# Do not edit this file manually.
#
global
# NOTE: Could be a security issue, but required for some feature.
uid 80
gid 80
chroot /var/haproxy
daemon
stats socket /var/run/haproxy.socket level admin
nbproc 1
nbthread 1
tune.ssl.default-dh-param 1024
spread-checks 0
tune.chksize 16384
tune.bufsize 16384
tune.lua.maxmem 0
log /var/run/log local0 info
defaults
log global
option redispatch -1
timeout client 30s
timeout connect 30s
timeout server 30s
retries 3
# autogenerated entries for ACLs
# autogenerated entries for config in backends/frontends
# autogenerated entries for stats
# Frontend: http_DMZ_WAN (internal and external http)
frontend http_DMZ_WAN
bind 172.17.17.252:80 name 172.17.17.252:80
bind 172.17.17.253:80 name 172.17.17.253:80
mode http
option http-keep-alive
option forwardfor
# tuning options
timeout client 30s
# logging options
# ACL: find_acme_challenge
acl acl_45e5bfd9525e2e7.18783878 path_beg -i /.well-known/acme-challenge/
# ACL: Nextcloud_Bedingung
acl acl_5ebafdd99a40d7.14505678 hdr_end(host) -i nextcloud2.linux.my-domain.com
# ACTION: redirect_acme_challenges
use_backend acme_challenge_backend if acl_45e5bfd9525e2e7.18783878
# ACTION: Nextcloud
use_backend Nextcloud_Backend if acl_5ebafdd99a40d7.14505678
# Frontend: https_DMZ_WAN (internal and external https)
frontend https_DMZ_WAN
bind 172.17.17.252:443 name 172.17.17.252:443 ssl crt-list /tmp/haproxy/ssl/4baf2ad81dea1.61416316.certlist
bind 172.17.17.253:443 name 172.17.17.253:443 ssl crt-list /tmp/haproxy/ssl/4baf2ad81dea1.61416316.certlist
mode http
option http-keep-alive
option forwardfor
# tuning options
timeout client 30s
# logging options
# ACL: Nextcloud_Bedingung
acl acl_5ebafdd99a40d7.14505678 hdr_end(host) -i nextcloud2.linux.my-domain.com
# ACTION: Nextcloud
use_backend Nextcloud_Backend if acl_5ebafdd99a40d7.14505678
# Frontend: https_DMZ (internal https)
frontend https_DMZ
bind 172.17.17.253:443 name 172.17.17.253:443 ssl crt-list /tmp/haproxy/ssl/5dbaf62c571809.61471992.certlist
mode http
option http-keep-alive
option forwardfor
# tuning options
timeout client 30s
# logging options
# Backend: Nextcloud_Backend (Nextcloud_Backend)
backend Nextcloud_Backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# tuning options
timeout connect 30s
timeout server 30s
# ACL: not-SSL
acl acl_5dbaf90c2d38c3.66671068 req.proto_http
# ACTION: redirect_SSL
http-request redirect scheme https code 301 if acl_5dbaf90c2d38c3.66671068
http-reuse safe
server nextcloud_Host 172.17.17.5:443
# Backend: acme_challenge_backend (Added by Let's Encrypt plugin)
backend acme_challenge_backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# tuning options
timeout connect 30s
timeout server 30s
http-reuse safe
server acme_challenge_host 127.0.0.1:43580