OPNSense

• HAProxy Simple Configuration for local webserver
• Adguard Home communications error to 127.0.0.1#53: connection refused
• Disable IPv6 in OPNSense
• How to enable the HAProxy statistics page in OPNsense

HAProxy Simple Configuration for local webserver

Parameters for this setup

Local webserver is on ip address 192.168.1.200 and uses port 80

Step 1: Define a Real server

• Name: anything you like to recognize the webserver
  
• IP address: The IP address of the internal webserver e.g. 192.168.1.200
• Port: 80
• SSL: disable

1. Define a Virtual service->Backend Pool
   • Name: anything you like
   • Servers: The server you defined in the step 1 (remember to press TAB after entering server name) 

Step 2: Define a condition:

• • Name: anything you like
    
  • Condition: Host contains or you can use any other condition to match like Host matches and use the full url.
    
  • Host string = Anything to recognize the URL or the full url in case of host matches.
    

Step 3: Define a rule

• Name: anything you like
• Select Conditions: Select the webserver from the dropdown menu
• Under HAProxy function > Execute function:  Use specified Backend Pool
• Use backend pool: Select the backend Pool from the drop down menu
  

Step 4: Define a Virtual Service

Under Public Service:

• Name: anything you like
• Listen addresses: 0.0.0.0:443 (TAB)
• Enable SSL offloading: Checked
• Default backend pool: Select from dropdown menu (TAB)
• Certificate: your Let's Encrypt certificate
• Under Advanced settings: 
  • Select rules: The rule you made earlier
    

Adguard Home communications error to 127.0.0.1#53: connection refused

When you cannot update OPNsense and you see an error in a SSH session when you try to run:

root@OPNsense:~ # dig @127.0.0.1 -p 53 google.com

dig @127.0.0.1 -p 53 google.com

You probably have a wrong binding in the Adguard config file.

To solve this issue:

nano AdGuardhome.yaml

cd /usr/local/AdGuardHome

Change the bind (from a local ip address) to:

dns:
  bind_hosts:
    - 0.0.0.0

Then restart Adguard Home

Disable IPv6 in OPNSense

Set IPv6 on all interfaces on ' None' and also remove the ' Allow IPv6' vinkje.

Remove also the ' Allow IPv6' rule in de firewall rules:

How to enable the HAProxy statistics page in OPNsense

Step 1: Edit Global Settings

In the left-hand menu, go to Services , select HAPproxy and then and then Settings.

• • Under the Settings tab, locate the Global Parameters
  • Enable ' Advanced Mode' on the top left of the page
  • Add or modify the following configuration line in the “Custom Options” field (on the bottom of the picture):

     

    stats socket /var/run/haproxy.socket group proxy mode 775 level admin 

    This enables a UNIX socket for administrative purposes.

Step 2: Configure Statistics in Frontend Settings

• • Go to Virtual Servers in the Top menu
  • Click the + sign and add a new Public Service: 'StatsFrontend'
  • In this frontend, configure it as follows:
    • Set Name: StatsFrontend
    • Set Listen Adressess: set to local IP address of OPNsense (e.g. 192.168.2.1) with the default port 8822
      
    • Set Type to default HTTP/HTTPS (SSL offloading) [default]
      
    • Scroll all the way down to “Advanced Settings”, add these lines in the “Option Pass-through” field:

1. • • stats enable
       stats uri /haproxy?stats
       stats realm Haproxy\ Statistics
       stats auth admin:password123

       Replace admin with your desired username and password with a strong password.
     • Click on “Save” and then apply changes by clicking on “Apply”.

---

Step 3: Configure Firewall Rules

1. Allow Access to the Statistics Port:

   • Navigate to Firewall > Rules > LAN
     
   • Create a new rule with these parameters:
     • Action: Pass
     • Protocol: TCP
     • Destination: This Firewall
       
     • Destination Port Range: Other and the 8822
     • Description: Access the Statistics page
     • Leave everything else to the default values
     • Save the rule and click on “Apply Changes”.

---

Step 4: Test Access to the Statistics Page

1. Open a web browser from a device allowed by your firewall rules.
2. Enter the URL for accessing statistics, such as:

http://192.168.2.1:8822/haproxy?stats

Enter the username and password you configured earlier when prompted.

If everything is configured correctly, you should see HAProxy’s statistics page displaying real-time data about connections, backends, frontends, etc.