Not from the gui or in any way that officially supported.

You can specify the log storage location in the syslog-ng package so use that to store it. You still need to forward logs to it from the normal syslogs though. And mounting a different disk for that requires some custom script.

@viragomann Just a update.

They called me back. There recommendation is to have a PPPoE server that passes through the IPs.

@Tony-Soprano It is not very easy to Proxy SMTP and IMAP with Haproxy and will cause adnormal problems. But you would need to enable Proxy in Postfix main.cf.

Personally I would not bother.

I would use Haproxy for Webmail & ActiveSync on Port 443 then for SMTP 25. 587 and IMAP 993 I would put them under NAT instead.

Depending how many Static IPs you have too.

I would configure mx1 on Public IP 01 and mx2 on Public IP 02 then configure relay from mx2 to mx1. Make sure you have PTR Records added by your ISP too.

Regards

@correajl thank you for the reply.
I thought that you found a way to set different advbase values on both nodes.

Anyway I found my issues, and it was not the same as yours - as I am not very familiar with netgear switches I missed that storm-control was enabled for multicast.
The storm-control became the root cause for the issue.

Hello, can someone help? thanks

@manu77 I just tested with RDP and did not get dropped at your step 3...

@kiokoman said in HAProxy: 503 errors on 2 domains:

@oguruma
HAproxy 503 Service Unavailable No server is available to handle this request is passed when the http check fail for some reason even if the service is up and running

like in this post https://serverfault.com/a/886319

you need to adjust that option in a way that it receve a valid response from the server or disable httpchk

Thanks again for the help. I got it working by deleting both the frontends and the backends for the not-working domains and recreating them, making sure to disable health checks from the outset when creating the backends.

One thing that is curious is that I re-installed ERPNext on separate, vanilla VM and pointed the backend to that new VM with healthcheck enabled, and it worked fine...

Hi,

same problem here after upgrading from 2.6 to 2.7.2,
Certificate manager don't fill 'In use' column for some of the certifcates used by HAProxy.

Anyone has an explanation or solution?

Thanks

@ironwood Ok, I found the solution, or rather, ChatGPT found the solution. Under System > Advanced > Admin Access, there is a setting called WebGUI Login Redirect. This is the description:

When this is unchecked, access to the webConfigurator is always permitted even on port 80, regardless of the listening port configured. Check this box to disable this automatically added redirect rule.

The redirect is enabled for port 80 by default and was conflicting with the http to https redirect I had set up in HAproxy a long time ago. I check the box to disable it, saved, enabled my redirect and voila, it works!

I'm guessing this was either a new feature in 23.09.1 or it I had it checked before and it "unchecked" itself? Would be interested in finding if that setting exists in earlier versions if anyone hasn't upgraded.

@kiokoman said in CARP Mode Multicast / Unicast ?:

@Yathus
indeed, if you can't use multicast., peer address is the second node for primary pfsense and vice versa for secondary pfsense
forget about PFSYNC interface it is used only for configuration synchronization and pfsync state synchronization

I made a test, i create a "Virtual IP" on primary pfsense and i put IP from secondary on "peer IP" and it's working. I create only on the primary node, nothing on second node, Sync did the job.

@thomast32
KEA doesn't support HA at this time.

Does nobody know or have any ideas? I am really stuck on this.

@SteveITS And that is what is strange...the rules on the primary firewall are there...and for that matter ALL the rules for all the interfaces are there and not overwritten or deleted...just the HA ones. And I don't change any of the rules on the prmary as it relates to HA.

@SteveITS the carp began to work after entering the second gateway in first High Availability option

thanks!)

@Daniel_Hyde
Yes, as the hint there is mentioning.
This setting needs only to be made on the primary.