OPNSense
- HAProxy Simple Configuration for local webserver
- Adguard Home communications error to 127.0.0.1#53: connection refused
- Disable IPv6 in OPNSense
- How to enable the HAProxy statistics page in OPNsense
HAProxy Simple Configuration for local webserver
Parameters for this setup
Local webserver is on ip address 192.168.1.200 and uses port 80
Step 1: Define a Real server
- Name: anything you like to recognize the webserver
- IP address: The IP address of the internal webserver e.g. 192.168.1.200
- Port: 80
- SSL: disable
Then define a Virtual service -> Backend Pool:
- Name: anything you like
- Servers: The server you defined in the step 1 (remember to press TAB after entering server name)
Step 2: Define a condition
- Name: anything you like
- Condition: Host contains, or any other matching condition such as Host matches with the full URL.
- Host string: anything that identifies the URL, or the full URL in the case of Host matches.
Step 3: Define a rule
- Name: anything you like
- Select Conditions: Select the webserver from the dropdown menu
- Under HAProxy function > Execute function: Use specified Backend Pool
- Use backend pool: Select the backend Pool from the drop down menu
Step 4: Define a Virtual Service
Under Public Service:
- Name: anything you like
- Listen addresses: 0.0.0.0:443 (TAB)
- Enable SSL offloading: Checked
- Default backend pool: Select from dropdown menu (TAB)
- Certificate: your Let's Encrypt certificate
- Under Advanced settings:
- Select rules: The rule you made earlier
Adguard Home communications error to 127.0.0.1#53: connection refused
When you cannot update OPNsense and you see an error in an SSH session when you try to run:
root@OPNsense:~ # dig @127.0.0.1 -p 53 google.com
You probably have a wrong binding in the Adguard config file.
To solve this issue:
cd /usr/local/AdGuardHome
nano AdGuardHome.yaml
Change the bind (from a local IP address) to:
dns:
  bind_hosts:
    - 0.0.0.0
Then restart Adguard Home
Disable IPv6 in OPNSense
Set IPv6 on all interfaces to 'None' and also remove the 'Allow IPv6' check mark.
Also remove the 'Allow IPv6' rule in the firewall rules.
How to enable the HAProxy statistics page in OPNsense
Step 1: Edit Global Settings
In the left-hand menu, go to Services, select HAProxy and then Settings.
- Under the Settings tab, locate the Global Parameters
- Enable 'Advanced Mode' on the top left of the page
- Add or modify the following configuration line in the “Custom Options” field:
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
This enables a UNIX socket for administrative purposes.
Step 2: Configure Statistics in Frontend Settings
- Go to Virtual Servers in the Top menu
- Click the + sign and add a new Public Service: 'StatsFrontend'
- In this frontend, configure it as follows:
- Set Name: StatsFrontend
- Set Listen Addresses: set to local IP address of OPNsense (e.g. 192.168.2.1) with the default port 8822
- Set Type to default HTTP/HTTPS (SSL offloading) [default]
- Scroll all the way down to “Advanced Settings”, add these lines in the “Option Pass-through” field:
stats enable
stats uri /haproxy?stats
stats realm Haproxy\ Statistics
stats auth admin:password123
Replace admin with your desired username and password123 with a strong password.
- Click on “Save” and then apply changes by clicking on “Apply”.
Step 3: Configure Firewall Rules
Allow Access to the Statistics Port:
- Navigate to Firewall > Rules > LAN
- Create a new rule with these parameters:
- Action: Pass
- Protocol: TCP
- Destination: This Firewall
- Destination Port Range: Other, then enter 8822
- Description: Access the Statistics page
- Leave everything else to the default values
- Save the rule and click on “Apply Changes”.
Step 4: Test Access to the Statistics Page
- Open a web browser from a device allowed by your firewall rules.
- Enter the URL for accessing statistics, such as:
http://192.168.2.1:8822/haproxy?stats
Enter the username and password you configured earlier when prompted.
If everything is configured correctly, you should see HAProxy’s statistics page displaying real-time data about connections, backends, frontends, etc.
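An added example, not part of the original page and not OPNsense or HAProxy code: a small Python check that lints the stats directives used in the steps above. The sample config is constructed from this page's values as a hand-written haproxy.cfg (not the file OPNsense generates), and the placeholder list and the 12-character minimum are assumptions.

```python
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
PLACEHOLDERS = {"password", "password123", "admin", "changeme"}  # assumed list
# Constructed sample: this page's values laid out as a hand-written haproxy.cfg.
SAMPLE_CFG = r"""
global
    stats socket /var/run/haproxy.socket group proxy mode 775 level admin
frontend StatsFrontend
    bind 192.168.2.1:8822
    stats enable
    stats uri /haproxy?stats
    stats realm Haproxy\ Statistics
    stats auth admin:password123
"""

def opt(words, key):  # value that follows a keyword on a config line, or None
    return words[words.index(key) + 1] if key in words[:-1] else None

def audit_stats(cfg):
    """Return findings for the stats-related directives in HAProxy config text."""
    findings, section, state = [], None, {}
    for raw in cfg.splitlines():
        w = raw.split()
        if not w or w[0].startswith("#") or (section is None and w[0] not in SECTIONS):
            continue
        if w[0] in SECTIONS:
            section = " ".join(w[:2])
            state[section] = {"stats": False, "auth": False, "binds": []}
        elif w[0] == "bind" and len(w) > 1:
            state[section]["binds"].append(w[1:])
        elif w[:2] == ["stats", "socket"]:
            if opt(w, "level") == "admin":
                findings.append(f"admin-level runtime socket, group={opt(w, 'group')}")
            if int(opt(w, "mode") or "0", 8) & 0o002:  # others-write bit
                findings.append("runtime socket is world-writable")
        elif w[:2] in (["stats", "enable"], ["stats", "uri"]):
            state[section]["stats"] = True
        elif w[:2] == ["stats", "auth"] and len(w) > 2:
            state[section]["auth"] = True
            password = w[2].partition(":")[2]
            if password.lower() in PLACEHOLDERS or len(password) < 12:  # assumed minimum
                findings.append(f"{section}: weak or placeholder stats password")
    for name, s in state.items():
        if s["stats"] and not s["auth"]:
            findings.append(f"{name}: stats page has no 'stats auth'")
        for b in s["binds"] if s["stats"] else []:
            if b[0].startswith(("0.0.0.0:", "*:", ":", "[::]:")):
                findings.append(f"{name}: stats page listens on all interfaces")
            if "ssl" not in b:
                findings.append(f"{name}: stats page served over plain HTTP")
    return findings
```

Call `audit_stats(open(path).read())` on a real file; for the values on this page it reports the admin-level socket, the placeholder password and the plain-HTTP listener.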