OpenWRT reverse Proxy terminating SSL


#1

I’m new to HAProxy and am trying to configure the following:

(1) External HTTPS request -> (2) Home Router -> (3) HAProxy running on OpenWRT -> (4) “Server” on ESP8266 device

(1) The external request will ultimately be coming from WebHooks in IFTTT but for now I’m just trying the request from a web browser

(2) The home router does not have a fixed IP so I’m using NoIP.com ddns to give me a fixed public url (ianpublic.ddns.net:8081). I’ve confirmed I can get through the router using NAT to the ESP server (192.168.1.80:81) - without the HAProxy in the loop.

(3) I’ve installed HAProxy v1.7.8 on an OpenWRT router on the internal private network and redirected the public router NAT entry at it. This will need to terminate the SSL but for now I’d be happy just getting some traffic to pass through HAProxy.

(4) The ESP is a small Wifi enabled device which has a minuscule server running on it. It’s not powerful enough to terminate the SSL itself.

As I said - Step one is to just get HAProxy passing through. Here’s my config file:

global
    maxconn 4096
    daemon
    uid 0
    gid 0

defaults
    mode http
    option forwardfor
    log 127.0.0.1 local0 notice
    maxconn 2000
    timeout connect 5000
    timeout client 50000
    timeout server 50000

listen my_http_proxy
    #frontend http
    bind :8081

    cookie SERVERID insert nocache
    server st1 192.168.1.80:81

I’m not getting any debug info out on the console when using “-D” so I’m really struggling to understand what’s going on. Any help appreciated.


#2

-D means daemon mode, not debug mode. Lowercase -d is debug mode.

Kill the existing daemons that are now running in the background, and use the -d argument. Really do make sure that you don’t have existing processes running in the background.


#3

Lukasribus My first response was going to be “I misstated and I was using -d” :-). But I tried it and now I have a trace and cleared up some errors.
So with this config file I have basic passthru working.

I’ll try to plug SSL in tomorrow night.
Any pointers for doing this in my scenario greatly appreciated.


#4

Add ssl crt /path/to/certificate-and.key.pem to the bind line.

You can find some configuration suggestions for secure ssl config here.
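
The bind-line change from post #4 applied to the config from post #1, as an added example that is not part of the thread and is written for HAProxy 1.7.x. The certificate path is the placeholder from post #4; the `user`/`group` names, the `ssl-default-bind-options` line, the DH parameter size and the `X-Forwarded-Proto` header are additions and assumptions, not settings anyone in the thread posted.

```haproxy
global
    maxconn 4096
    daemon
    # The posted config runs as uid/gid 0. Port 8081 is not privileged, so
    # HAProxy can drop to an unprivileged account after start-up.
    # "nobody"/"nogroup" are assumed account names; use ones that exist locally.
    user nobody
    group nogroup
    # Applies to every "bind ... ssl" line: refuse SSLv3 and TLS 1.0
    ssl-default-bind-options no-sslv3 no-tlsv10
    # Size of the DH parameters used for DHE key exchange
    tune.ssl.default-dh-param 2048

defaults
    mode http
    option forwardfor
    log 127.0.0.1 local0 notice
    maxconn 2000
    timeout connect 5000
    timeout client 50000
    timeout server 50000

listen my_https_proxy
    # TLS terminates here. The PEM file holds the certificate, any
    # intermediate certificates and the private key concatenated together.
    bind :8081 ssl crt /path/to/certificate-and.key.pem
    # Let the backend know the original request arrived over HTTPS
    http-request set-header X-Forwarded-Proto https
    # Plain HTTP from HAProxy to the ESP8266 on the private network
    server st1 192.168.1.80:81
```

Running `haproxy -c -f` against the file checks the configuration without starting the proxy, and `-d` from post #2 shows the connection trace once it is running.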