5/3/2023 0 Comments Pfsense haproxy![]() I used the default jail template and enabled unionfs rather than nullfs. I configured a jail for my nginx server under Services > Jails, giving the new jail the same hostname and IP address of the virtual IP alias which I had HAproxy running on. Using the pfsense web interface, I installed the pfsense PfJailctl package and the "jail_template" package under System > Packages so I could create a FreeBSD jail under which to compile and install nginx on the pfsense system. Here's the specific steps I used to make this work on my pfSense router: Or should I drop all this and just use nginx?įor anyone else who finds this question, I followed Ochoto's advice and used nginx. ![]() How can I use HAproxy to load balance across a number of SSL servers, allowing those servers to both know the client's IP address and know that SSL is in use? And if possible, how can I do it on my pfSense server? But the biggest issue which killed that idea was that stunnel converted the HTTPS requests into plain HTTP requests, so PHP didn't know that SSL was enabled and tried to redirect to the SSL site. also, this apparently kills my ability to use KeepAlive requests, which I would really like to keep. ![]() However, the package which I could install into pfSense does not add this header. So, I added stunnel in front of HAproxy, reading that stunnel could add the X-Forwarded-For HTTP header. For SSL requests, I had HAproxy distributing the requests using TCP load balancing, and it worked however since HAproxy didn't act as a proxy, it didn't add the X-Forwarded-For HTTP header, and the Apache / PHP servers didn't know the client's real IP address. +-> įor HTTP requests this works great, requests are distributed to my Apache servers just fine. I have the following setup: (internet) -> /->
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |