plugins icon indicating copy to clipboard operation
plugins copied to clipboard
verified publisher icon opnsense

net/haproxy: integration with crowdsec plugin

Open cookiemonsteruk opened this issue 4 months ago • 6 comments

Important notices Our forum is located at https://forum.opnsense.org , please consider joining discussions there in stead of using GitHub for these matters.

Before you ask a new question, we ask you kindly to acknowledge the following:

  • [X] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
  • [X] I have searched the existing issues, open and closed, and I'm convinced that mine is new.

Hi. I searched and could not find this question. I want to use the haproxy_spoa engine from crowdsec. To do it, I need to create a .conf to be read in by haproxy when it reads its own haproxy.conf at start/restart.

haproxy documentation says it is possible to use multiple -f when starting haproxy however to me it seems it is better, as in less complicated, to plumb it into the haproxy plugin, to find a way to make the reference into the current haproxy.conf How can I do this? So far I've been unable to by using the +TARGET template from the opnsense documentation. Probably because I don't know where to place the new .conf file

cookiemonsteruk avatar Sep 05 '25 15:09 cookiemonsteruk

More specifically I tried this: In: /usr/local/opnsense/service/templates/OPNsense/HAProxy/+TARGETS I added mytest.conf:/usr/local/etc/haproxy/mytest.conf and added the file mytest.conf in this same directory i.e. alongside +TARGETS and sslCerts.yaml then issued $sudo configctl template reload OPNSense/HAProxy the result is ERR.

cookiemonsteruk avatar Sep 05 '25 16:09 cookiemonsteruk

Even an idea on what I can read to find a way would be most welcome :)

cookiemonsteruk avatar Oct 02 '25 21:10 cookiemonsteruk

@fraenki - any chance of having a think on this please? Solution would be ideal of course but a pointer to what I can do in the meantime as a workaround would be most helpful, if at all possible.

cookiemonsteruk avatar Oct 09 '25 11:10 cookiemonsteruk

@cookiemonsteruk I can't spend any time on this right now. I'll consider this a a feature request for proper integration with crowdsec, which sounds useful, but needs time to do it the right way.

fraenki avatar Oct 09 '25 11:10 fraenki

It is fair @fraenki . I imagine there aren't many users that need this hence I was hoping to have a tactical way of achieving it . I understand and respect your approach of course. Meantime if you get an inspiration on how (again tactical way) then I'll be all ears. Have a good day.

cookiemonsteruk avatar Oct 09 '25 11:10 cookiemonsteruk

Just keeping it alive

cookiemonsteruk avatar Nov 24 '25 22:11 cookiemonsteruk