
I'm new to OPNsense/HAProxy and have been struggling for more than three days to get it working, unfortunately without any result.

In short, I'm trying to implement this logic:

Dedicated server (Proxmox VE / 1 public IP) -> (NAT) OPNsense + HAProxy -> other VMs connected to the OPNsense LAN interface.

The Proxmox server is configured as follows:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

auto enp0s31f6
iface enp0s31f6 inet static
        address 94.130.x.x/26
        gateway 94.130.x.x

auto vmbr0
iface vmbr0 inet static
        address 10.10.10.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o enp0s31f6 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o enp0s31f6 -j MASQUERADE
        post-up   iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1

auto vmbr1
iface vmbr1 inet static
        address 172.16.0.1/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0

OK, so I created a new VM (OPNsense) and installed and configured it as follows:

  • WAN -> vtnet0 (bridged to vmbr0 on the Proxmox server)
  • LAN -> vtnet1 (bridged to vmbr1 on the Proxmox server)
  • WAN configured as 10.10.10.10/24
  • LAN configured as 172.16.0.1/24
  • DHCP server on LAN, 172.16.0.2-172.16.0.254

Now the server side:

VM #1 (Ubuntu Server) runs an OpenLiteSpeed web server for example.com and uses Postfix/Dovecot for email. It is connected to vmbr1 (the OPNsense LAN, vtnet1 in Proxmox). The Ubuntu server successfully obtains an IP from the OPNsense DHCP server (IP 172.16.0.2, gateway 172.16.0.1).

VM #2 (Ubuntu Server) also runs an OpenLiteSpeed web server, for anotherexample.com, and uses Postfix/Dovecot for email. It is connected to vmbr1 (the OPNsense LAN, vtnet1 in Proxmox). The Ubuntu server successfully obtains an IP from the OPNsense DHCP server (IP 172.16.0.3, gateway 172.16.0.1).

Both VMs are connected through the OPNsense LAN and can successfully reach the public internet.

CloudFlare DNS for example.com:

A Record example.com pointing to Public IP of Proxmox Server ->
94.130.x.x

I created some iptables rules so that traffic from the public IP reaches the local OPNsense and HAProxy:

For OPNsense:

iptables -t nat -A PREROUTING -p tcp --dport 10443 -j DNAT --to-destination 10.10.10.10:10443
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.10.10.10:443

HAProxy configuration:

#
# Automatically generated configuration.
# Do not edit this file manually.
#

global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbthread                    1
    hard-stop-after             60s
    no strict-limits
    tune.ssl.default-dh-param   2048
    spread-checks               2
    tune.bufsize                16384
    tune.lua.maxmem             0
    log                         /var/run/log local0 info
    lua-prepend-path            /tmp/haproxy/lua/?.lua

defaults
    log     global
    option redispatch -1
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: Public_Facing_Pool ()
frontend Public_Facing_Pool
    bind *:443 name *:443  proto h2 
    bind *:80 name *:80  proto h2 
    mode http
    option http-keep-alive
    maxconn 500

    # logging options
    # ACL: Web-Server
    acl acl_65baf2832edf80.37086579 hdr_beg(host) -i example.com

    # ACL: Web-Server1
    acl acl_66baf2832edf80.37086579 hdr_beg(host) -i anotherexample.com

    # ACTION: Web-Server
    use_backend Web-Server if acl_65baf2832edf80.37086579

    # ACTION: Web-Server
    use_backend Web-Server1 if acl_66baf2832edf80.37086579

# Backend: Web-Server ()
backend Web-Server
    # health checking is DISABLED
    mode http
    balance roundrobin

    http-reuse safe
    server Web-Server 172.16.0.2:443 

# Backend: Web-Server1 ()
backend Web-Server
    # health checking is DISABLED
    mode http
    balance roundrobin

    http-reuse safe
    server Web-Server 172.16.0.3:443 

# Backend: acme_challenge_backend (Added by ACME Client plugin)
backend acme_challenge_backend
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m  
    stick on src
    http-reuse safe
    server acme_challenge_host 127.0.0.1:43580



Trying to open in browser `example.com` or `anotherexample.com` it fails to open.

What am I missing?
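As an added example (not part of the original post or of the OPNsense plugin), a small lint over a constructed excerpt that mirrors the frontend/backend section of the config above; it flags the things a reviewer would check first: a backend name defined twice, a `use_backend` pointing at a backend that is never defined, a bind declared `proto h2` without `ssl` (HAProxy then accepts only cleartext h2c prior-knowledge clients, which browsers do not send), and a backend server on port 443 without the `ssl` keyword (HAProxy would send plaintext HTTP to a TLS port).

```python
from collections import Counter

# Constructed excerpt mirroring the posted frontend/backend section (not the full config).
SAMPLE_CFG = """
frontend Public_Facing_Pool
    bind *:443 name *:443  proto h2
    bind *:80 name *:80  proto h2
    mode http
    use_backend Web-Server if acl_a
    use_backend Web-Server1 if acl_b

backend Web-Server
    mode http
    server Web-Server 172.16.0.2:443

backend Web-Server
    mode http
    server Web-Server 172.16.0.3:443
"""

def lint_haproxy(cfg: str) -> list:
    """Return human-readable findings for common HAProxy misconfigurations."""
    findings = []
    backends = Counter()   # backend name -> number of definitions
    used = []              # backend names referenced by use_backend
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and surrounding whitespace
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "backend" and len(tokens) > 1:
            backends[tokens[1]] += 1
        elif tokens[0] == "use_backend" and len(tokens) > 1:
            used.append(tokens[1])
        elif tokens[0] == "bind" and len(tokens) > 1:
            # 'proto h2' on a non-TLS bind only serves h2c prior-knowledge clients.
            if "proto" in tokens and "h2" in tokens and "ssl" not in tokens:
                findings.append(f"bind '{tokens[1]}' uses proto h2 without ssl")
        elif tokens[0] == "server" and len(tokens) > 2:
            # Talking to a :443 backend without 'ssl' sends plaintext to a TLS port.
            if tokens[2].endswith(":443") and "ssl" not in tokens:
                findings.append(f"server '{tokens[1]}' targets {tokens[2]} without ssl")
    for name, count in backends.items():
        if count > 1:
            findings.append(f"backend '{name}' is defined {count} times")
    for name in used:
        if name not in backends:
            findings.append(f"use_backend '{name}' references a backend that is never defined")
    return findings

if __name__ == "__main__":
    for finding in lint_haproxy(SAMPLE_CFG):
        print(finding)
```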
