HAProxy to pfsense webui
-
Hi,
I have haproxy setup to reverse proxy (both :80 and :443) to several servers successfully however I have been trying to also use haproxy to reverse proxy to pfsense web ui with no success.pfsense is set to port 443.
FrontEnd:
SSLSharedFrontend, WAN, 443, Type ssl/https.
– pfSenseFrontEnd, Primary SSLSharedFrontend, ACL set to "SNI TLS Matches pfsense.mydomain.com, Action uses backend pfsenseBackend.Backend:
pfsenseBackend, 127.0.0.1, 443, SSL no, HealthCheck none, Use client-ip.Under Firewall Rules I have tried several settings the latest being
LAN: ipv4, *, *, 127.0.0.1, 443, *, none
WAN: ipv4, *, *, WAN address, 443, *, noneand I disabled the previous pfsense remote access working port forward :8080 to :443
No matter what I try I get a 503 Service Unavailable when I access the domain from an external network (ie mobile phone).
Has anyone managed to do this successfully or have any advise on what I'm doing wrong.
Thanks
Blendin_Blandin -
Hi Blendin_Blandin,
Have you tried without the 'Use client-ip.' ?
If you enable healthchecking it does show success on the stats page.?
Regards,
PiBa-NL -
Hi PiBa,
I thought I had tried that before so not sure why it works now but once I disabled client-ip it works. Its complaining about the ssl certificate so I need to deal with that next but its progress.As per health check I have only been able to get basic to work with pfsense.
Thanks
-
Hi Blendin_Blandin,
For HTTP health checks you can do the following:
- enable 'ssl' on the backend server
- Http check method : HEAD
Though i would probably set a very low check frequency (once a minute or so.?.) or maybe not check at al..
As for the certificate, as your passing the traffic with mode tcp so haproxy doesnt need any additional settings there, a valid certificate needs to configured for the webgui though for the name your typing in the browser.
Regards
PiBa-NL