Actions
Bug #9191
closed
Cannot use HAProxy due to WebGUI
Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
Web Interface
Target version:
-
Start date:
12/11/2018
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
Description
Entering this as a bug since as it prevents standard use functionality. Suspect that this issue exists across all versions and architectures as it's a configuration capability.
Issue:- WebGUI listens on all interfaces, on port 443.
- WebGUI has no option to reduce listener to only specified interface(s) - such as a dedicated Management NIC.
- HAProxy cannot bind to port 443 on any interface to service standard HTTPS requests as the WebGUI binds to port 443 on all interfaces (inherently creates potential for inadvertent GUI exposure).
- WebGUI should not be forced to run on a non-standard port, to use HAProxy - it should be different interfaces.
- Non-standard port bindings are problematic for numerous reasons.
- WebGUI configuration should support the ability to limit binding to specific interface(s).
- There are pros and cons: full functionality and inherently increased security v. potential to lock oneself out of the GUI (ssh/console based recovery? eg: menu option to restore WebGUI to all interfaces and reboot - enabling the user to resolve the problem)
Updated by Jim Pingle over 5 years ago
- Status changed from New to Duplicate
Duplicate of #628
And it's really not a problem for HAProxy at all. There is no problem with binding haproxy to an alternate port and forwarding WAN:443 to haproxy. We do this all the time in a number of places and it works perfectly. Discuss on the forum for more details.
Actions