• HAproxy exposing only pfSense’ ip address at hosts log

    3
    0 Votes
    3 Posts
    719 Views
    G

    @viragomann said in HAproxy exposing only pfSense’ ip address at hosts log:

    @gschmidt
    You can run HAproxy in transparent reverse mode. It can be enabled in the backend advanced settings.

    Thanx, I will have a look at it!

    Update: sadly not an option, I also want to access the domotica web app inside my network (I have only one subnet)...

    I will ask first at the Domoticz forum if it is possible to retrieve the ip address from the header with a script...thanx

  • HAproxy on pfSense 21.02.2-RELEASE failover not working for some hosts

    1
    0 Votes
    1 Posts
    313 Views
    No one has replied
  • HAproxy and Cloudflare DNS (522 error)

    2
    0 Votes
    2 Posts
    2k Views
    G

    I already figured it out.

    Changed 2 options in my Cloudflare account

    b530eb2a-a2e9-4ec9-87eb-620378256273-image.png

    Under SSL/TLS menu:
    Overview
    Default setting was Flexible, but needs to be Full(Strict)

    Edge Certificates
    I had checked "Always use HTTPS" to ON....but needs to be OFF

    Thats it...I think it was the HTPPS trick...because in HAproxy I use SSL Offloading and HTTP to access the Host

  • Can HAproxy refresh sessions?

    1
    0 Votes
    1 Posts
    230 Views
    No one has replied
  • HA Proxy HTTPS offloading not working

    1
    0 Votes
    1 Posts
    222 Views
    No one has replied
  • HAproxy on pfsense, HAproxy in front of traefik

    5
    0 Votes
    5 Posts
    2k Views
    S

    @joulester The short version is it just worked. Especially if you don't need the certificate part, it just works. To give me an idea how to be more helpful than just saying it works, is there a step you have a question about?

  • Random short periods of offline in https outlook.office.com

    1
    0 Votes
    1 Posts
    298 Views
    No one has replied
  • Can't configure HAProxy (or pfsense)

    2
    0 Votes
    2 Posts
    550 Views
    V

    @valepe69 Fixed.
    Having a Multi-WAN configuration all was screwed up by the bug of the 2.5.1 release.
    Reloaded the 2.5.0 and the same configuration works great.

  • How to config Synology NAS through HAproxy

    1
    0 Votes
    1 Posts
    341 Views
    No one has replied
  • ACME/HAproxy settings for Domoticz client not working

    9
    0 Votes
    9 Posts
    1k Views
    G

    @piba

    I have a question about the 503 error page.

    If somebody is accessing my WAN IP adress (e.g. https://67.46.29.83:443) instead of my domain name, HAproxy shows a 503 error page, Is this normal behaviour of HAproxy?

    If so, this is nice because I want to block access to WAN ip, but is it also possible to modify the header and content of the 503 page?

  • multiple HAproxy entries under status -> services

    1
    0 Votes
    1 Posts
    298 Views
    No one has replied
  • Squid upload blocking with multiple subnets

    2
    0 Votes
    2 Posts
    463 Views
    KOMK

    @vijay7 How are you doing the upload blocking?

  • HAProxy's ACLs not working as expected

    5
    0 Votes
    5 Posts
    1k Views
    H

    @rupesh

    According to the hint written in the IP Alias creation form, it does.

    Hint : Enter as many hosts as desired. Hosts must be specified by their IP address or fully qualified domain name (FQDN). FQDN hostnames are periodically re-resolved and updated. If multiple IPs are returned by a DNS query, all are used. An IP range such as 192.168.1.1-192.168.1.10 or a small subnet such as 192.168.1.16/28 may also be entered and a list of individual IP addresses will be generated.

    The thing is, when re-doing the DNS resolution, pfSense may be fooled by a DNS cache. If it probes a DNS that has the old record in cache and does not re-probe the SOA, the new IP will not be detected. As such, the delay after an IP address changed is :
    --Time for the client to update its records (can be as quick as instant or longer)
    --Time for the previous record to be purged from the cache in the DNS server probed by pfSense
    --Time for pfSense to renew the IP alias

    After all of these delays, then the alias will be updated. It can be very long, some DNS cache may last for 30 days, but at a certain moment, it will happen.

    Regards,

  • SquidGuard Error Redirect

    1
    0 Votes
    1 Posts
    213 Views
    No one has replied
  • Haproxy ACL combine

    3
    0 Votes
    3 Posts
    350 Views
    R

    @piba thankyou piba, you are a savior.

  • HaProxy with custom ACL

    1
    0 Votes
    1 Posts
    742 Views
    No one has replied
  • SSL Man in the middle Filtering / PFsense

    1
    0 Votes
    1 Posts
    449 Views
    No one has replied
  • Issue with squid cache download speed

    2
    0 Votes
    2 Posts
    596 Views
    A

    Ok after playing around with it and clearing the states a few times a rebooting it seems to be working now. Will see if the issue happens again

  • HAProxy is running, but backend is down in stats and cannot access server

    7
    0 Votes
    7 Posts
    4k Views
    H

    @TGill,

    HAProxy is testing over HTTP/1.0 while your curl is using HTTP/1.1. That may very well be the difference between the two tests and the two results.

    You can try something like
    HTTP/1.1\r\nHost:\ hostname.domain.lan

    in the "Http check version" box in your backend's configuration.

  • Squid Guard changes only apply after system reboot

    3
    0 Votes
    3 Posts
    472 Views
    B

    @kom That did the trick! I knew it was something simple I was overlooking. Thanks for the help!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.