Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - PiBa

Pages: [1] 2 3 4 5 ... 59
1
Cache/Proxy / Re: haproxy config
« on: Yesterday at 03:00:01 pm »
Some rewrite rules can be made in the gui with 'actions' but they are a bit limited and well manually writing them might actually be easier.. Also there is a option to use custom actions and advanced backend pass thru options to write parts of the config 'manually'..

There is not really a way to manually manage the complete config. Also because of adding certificates and using the 'test' and 'actual' config folders would be troublesome when manually trying to create/manage the config files, what paths would one use to include lists with subnets/IPs or certificates..

Unless of-course if you want to go 100% off the gui managed functionality completely manage haproxy outside the gui with custom scripts and config files.. That probably has some downsides to though..

2
Packages / Re: [HAProxy] HTTP Basic Auth
« on: April 22, 2018, 09:15:21 am »
Can you share the haproxy.conf from bottom of settings tab? The lines 'should' work.. Or perhaps the webserver itself replies with a authentication request as well? And then either haproxy or webserver doesnt like the send credentials.?.

3
Cache/Proxy / Re: HAproxy 1.8.0
« on: April 19, 2018, 03:22:47 pm »
Okay 1.8.8 is released and available 8). Can you try it out without the nokqueue setting ?

4
Cache/Proxy / Re: HAProxy Port 80 Only for Let's Encrypt
« on: April 19, 2018, 12:07:03 pm »
Perhaps you could add a acl? 'Path starts with' : '/.well-known.....'

5
Cache/Proxy / Re: HAProxy as SSL Reverse Proxy Behind Single IP
« on: April 17, 2018, 11:43:47 am »
Perhaps YOU can post your latest configs.? Then maybe we can tell what might be wrong.?

*And anyhow starting a new topic would probably be better than resurrecting a 2 year old topic.

6
Cache/Proxy / Re: HAproxy 1.8.0
« on: April 14, 2018, 09:47:42 am »
Somehow the kqueue poller code is 'broken' in apparently several ways.. I'm trying to get Willy (or anyone with proper C++ coding knowledge) to take a look at it :) (check mailing-list of haproxy there are some mails of me past few days). But its a 'work in progress' at the moment.

7
Cache/Proxy / Re: HAproxy 1.8.0
« on: April 14, 2018, 07:19:56 am »
Not really any good ideas a.t.m. struggling with a other issue myself where a page using NTLM authentication just fails to load at all.. For me the 'workaround' of using the option 'nokqueue' in global settings fixes that issue. Can you try that? Though kqueue 'should' perform better.. Can you report back if that indeed 'fixes' it?

8
Cache/Proxy / Re: HAProxy and using SNI on backends
« on: April 12, 2018, 12:59:15 pm »
Well check-sni depends on 1.8 so probably when upstream BSD ports decides to switch the 'haproxy' port to 1.8 and then a little while after that..

1.7 supports 'sni' on backend server line
1.8 supports 'sni' and 'check-sni' on backend server line

'sni' on frontend bind line is supported by both..

9
Cache/Proxy / Re: HAproxy 1.8.0
« on: April 09, 2018, 12:40:45 pm »
Okay 0.56 haproxy-devel package with 1.8.7 is available now through normal pfSense packages.

10
Cache/Proxy / Re: HAProxy Cloudflare SSL Problems
« on: April 07, 2018, 05:12:04 pm »
On the frontend you chose mode:'http/https(offloading)' however behind the 443 port you dont have the offloading checkbox set. Should probably check that.
Then also when enabling that make sure to configure certificates to use at the bottom of the frontend.

11
Cache/Proxy / Re: HAproxy 1.8.0
« on: April 06, 2018, 05:44:51 pm »
And now 'haproxy-1.8.7' has just arrived upstream.. Now i expect/hope it will stick to that for a while.

12
Happened once after upgrade to a new dev version i think.. ive transmitted something similar(didnt care to store the error so not 100% sure it was the same).

Or does it happen again for you afterwards.? Ive not seen it again yet..

13
DHCP and DNS / Re: Local DNS requests not going through haproxy?
« on: April 04, 2018, 03:46:20 pm »
Why are you using hostoverrides? If haproxy listens on the wan-ip, and the domainname resolves to that wan-ip, then the request should be handled by haproxy..?
And if your using different subnets for clients and servers, there is little that can stand in the way.. (Otherwise try and disable transparent-client-ip if you have that set on the backend..)

14
Cache/Proxy / Re: Haproxy basic question
« on: April 04, 2018, 01:01:09 pm »
Okay well, as i wrote, haproxy can do it.. Have you added the configuration options? check-sni and sni .?

15
Cache/Proxy / Re: Haproxy basic question
« on: April 03, 2018, 12:48:04 pm »
Haproxy can likely do it, but what site will you perform the health-check against.? And if that single site fails, all other sites on that same server would be taken down as well. Not sure if that is the best way to handle such a thing.?. But that is for you to decide :).

Its possible to add these options in the webgui into the advanced field of the server configuration:
http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-check-sni
http://cbonte.github.io/haproxy-dconv/1.8/snapshot/configuration.html#5.2-sni

Pages: [1] 2 3 4 5 ... 59