Trouble actually hitting the correct applet from external connection
-
@menethoran and again useless rules. How would the source port be 443? that would never be the case.
And how would the dest be 192.168.2.2 and natted to 192.168.2.2 to 3579, remove that rule as well.
Lets see your frontend of haproxy setup.
-
@johnpoz when you ask "did you remove pfsense from listening on port 80 and 443" do you mean, did i change the port used to access the pfsense gui? if so, yes. (is that problematic?)
-
@menethoran well if pfsense listening on 80, and your trying to use haproxy on 80, then yeah kind of a problem ;)
Make sure you remove the 80 redirect that pfsense gui uses.
-
@johnpoz so... ok, bigger problem (im assuming temporary).
I locked myself out of PfSense. I change my webgui port to 10080 without realizing that its "a dangerous port" (was just an easy quick port to set up that stopped it from using 80)...
what do i do?
-
@menethoran what do you mean dangous port?
You can just change it back to 80 on the console..
Why not just set pfsense to https only?
-
-
-
@johnpoz fixed... Effing Chrome.
well, now knowing THAT, im gonna keep it that way :)
-
@johnpoz OK, i got Ombi working, nextcloud is still not liking it (to get ombi to work, i had to disable the 1:1 NAT rule i thought i needed (but apparently do not) for plex to work
-
@menethoran are you trying to run nexcloud through haproxy? Is that a different fqdn, netclould.yourdomain.tld ?
-
@johnpoz i am trying to get it to run through HAProxy, yes.
Same domain but cloud.domain.com rather than ombi.domain.com
currently getting a 503 error.
-
@menethoran 503 points to your backend check failing, turn that off. I ran into sim problem with either ombi or overseerr, had to set check to none.
-
@johnpoz as in the health check? (that was already turned off).
BUT, i avoided the 503 error by changing my PfSense SSL port to 8443.
But, now im getting a 400 error, even when connecting with https its telling me im connecting via http
-
@menethoran well yeah if your going to be using ports for haproxy, you can't be using the ports on other services..
You trying to do this with shared frontend, I take it your doing ssl offloading, or your doing it on the cloud instance? Is it running on 443, some other port? like 9001, is that in the clear, or is that also https, where your trying to do a ssl frontend and also on the backend?
-
@johnpoz Home assistant created the nextcloud instance and puts it on port 9001 (it has something to do with KVM not allowing the assigning of ports below 9000 or something. I did a little research but quit when i found out the issue is currently "baked in".
I dont particularly care what port it all runs across, just want it to be secure (i cant do that with Ombi as i understand it because Ombi doesnt support SSL yet (as Ive read)).
So, preferably, id like to go to https://cloud.mydomain.com and have it end at my nextcloud instance at 192.168.2.2:9001
here are my front and backends.... figure its easier just to show you:
-
-
@menethoran you sure you can even setup nextclould without ssl?
So you can access locally with just http://192.168.2.2:9000?
-
@johnpoz no. but i can at: https://192.168.2.2:9001
http:// leads to a 400 error.weirdly, it looks like the SSL certificate is the one issued by TrueNAS
-
@menethoran well if you can not get to it without ssl, and your setup your backend to not be ssl, not how you would think it would work.
Either use ssl on the backend, or get nextcloud working without ssl, that you can load locally before you try setting it up with haproxy.
-
@johnpoz i wasnt trying to set up my backend (or front end for that matter) not to use SSL, i want ssl from start to finish with this one (again, ombi i dont care about as you cant use ssl... nextcloud is a bit different, and I definitely want SSL. I have ticked and unticked the (Encrypt)SSL and SSL checks. but neither seems to have any impact.
