OPNSense HAProxy - Web not routing properly

Hey, I’m pretty new to HAProxy. I have HAProxy for OPNSense installed. I need to route the websites like this:

aaa.website.com → 10.0.0.20:3000
bbb.website.com → 10.0.0.20:9001

I’ve followed through a tutorial that uses HAProxy’s GUI, but it doesn’t work like it should’ve. When I go to either URL, it always redirects to 10.0.0.20:9001.

Here’s what I find so far.

  • When I disable the bbb.website.com routing, it goes to 10.0.0.20:3000 insteal.
  • Nothing changes when I change the conditions between “Host matches”, “Host starts with”, and “Path starts with”

Here’s the config file it generates. Hope you guys can help me figure this out. Where do I do wrong? Thank you.

#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbproc                      1
    nbthread                    1
    hard-stop-after             60s
    no strict-limits
    tune.ssl.default-dh-param   2048
    spread-checks               2
    tune.bufsize                16384
    tune.lua.maxmem             0
    log                         /var/run/log local0 info
    lua-prepend-path            /tmp/haproxy/lua/?.lua

defaults
    log     global
    option redispatch -1
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: aaa.website-frontend ()
frontend aaa.website-frontend
    bind <public ip>:443 name <public ip>:443 ssl  crt-list /tmp/haproxy/ssl/62860e9ae771b1.85868225.certlist 
    mode http
    option http-keep-alive
    default_backend aaa.website-pool
    # remove quotes from persistence cookie
    http-request replace-header Cookie '^(.*?; )?(SRVCOOKIE=)"([^;"]*)"(;.*)?$' \1\2\3\4
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    # ACL: aaa.website-condition
    acl acl_6285f09d52c084.11538800 hdr(host) -i aaa.website.com

    # ACTION: aaa.website-rule
    use_backend minio-pool if acl_6285f09d52c084.11538800

# Frontend: bbb.website-frontend ()
frontend bbb.website-frontend
    bind <PUBLIC IP>:443 name <PUBLIC IP>:443 ssl  crt-list /tmp/haproxy/ssl/628b4dc076fb31.08116587.certlist 
    mode http
    option http-keep-alive
    default_backend bbb.website-pool
    # remove quotes from persistence cookie
    http-request replace-header Cookie '^(.*?; )?(SRVCOOKIE=)"([^;"]*)"(;.*)?$' \1\2\3\4
    option forwardfor
    # tuning options
    timeout client 30s

    # logging options
    # ACL: bbb.website-condition
    acl acl_628b4d6be9ca63.54049274 hdr(host) -i bbb.website.com

    # ACTION: bbb.website-rule
    use_backend bbb.website-pool if acl_628b4d6be9ca63.54049274

# Backend: aaa.website-pool ()
backend aaa.website-pool
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m  
    cookie SRVCOOKIE prefix
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server AAAWebsite 10.0.0.20:9001 cookie 6285ea40a5676578102176

# Backend: bbb.website-pool ()
backend bbb.website-pool
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m  
    cookie SRVCOOKIE prefix
    # tuning options
    timeout connect 30s
    timeout server 30s
    http-reuse safe
    server BBBWebsite 10.0.0.20:3000 cookie 628b4c8a370ce282698357

1 Like

It’s a while…
Could you make it work?
I’m struggling with the same issue.