Netgate Discussion Forum

    HAProxy 502 bad gateway with Cloudflare Proxy

      jycai @A Former User

      @klaussemmler Have you found a solution to this issue? I had the same setup and the same problem as you had.

        A Former User @jycai

        @jycai I have installed a MikroTik CRS305 as a switch in my network, and at least the odd KDE Connect behaviour is fixed.

        But the Cloudflare issue still remains.

          A Former User @A Former User

          I have now tried to set up everything with a Squid reverse proxy instead of HAProxy, but the issue with the Cloudflare proxy still remains. So it should not be a problem with HAProxy itself.

            A Former User @A Former User

            It seems like I have found the answer!

            Cloudflare DNS Proxy only works with HTTP/HTTPS traffic on the free tier. If non-HTTP/HTTPS traffic is used, for example when using a Minecraft server, the DNS Proxy does not work.

            This is where I got the information from:

            https://community.cloudflare.com/t/cloudflare-minecraft-proxy/167417

              jycai @A Former User

              @klaussemmler Some people mention that pfBlockerNG is blocking traffic from Cloudflare-proxied servers, but my website still does not work after I completely removed pfBlockerNG and rebooted pfSense.

                A Former User @jycai

                @jycai Have you whitelisted the Cloudflare IPs in your pfSense? You can actually automate this with pfBlockerNG.

                The IPv4 IPs can be found here: https://www.cloudflare.com/ips-v4
                The IPv6 IPs can be found here: https://www.cloudflare.com/ips-v6

                My pfBlockerNG config for IPv4 looks like this (the alias at Custom DST Port contains ports 80 and 443):

                [Image: Screenshot 2022-04-01 at 01-05-42, pfSense.home.arpa - Firewall pfBlockerNG IP IPv4.png]

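The allowlist described in the post above, as an added example that is not part of the thread or any poster's configuration: it parses a one-CIDR-per-line list in the style of the two URLs and decides whether a connection would pass a rule limited to those sources and to ports 80 and 443. The ranges below are constructed documentation prefixes, not Cloudflare's real ones, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for a downloaded range list (one CIDR per line).
# Documentation prefixes only, NOT Cloudflare's published ranges.
SAMPLE_LIST = """\
198.51.100.0/24
203.0.113.0/24

2001:db8:1000::/36
not-a-network
"""

ALLOWED_DST_PORTS = {80, 443}  # contents of the "Custom DST Port" alias in the post


def parse_ranges(text):
    """Return (networks, rejected_lines) from a one-CIDR-per-line list."""
    networks, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.1/8
            networks.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            rejected.append(line)
    return networks, rejected


def is_permitted(src_ip, dst_port, networks):
    """True only if the source is in a listed range AND the port is allowed."""
    if dst_port not in ALLOWED_DST_PORTS:
        return False
    try:
        addr = ipaddress.ip_address(src_ip)
    except ValueError:
        return False
    # Compare only against networks of the same IP version.
    return any(addr.version == net.version and addr in net for net in networks)


if __name__ == "__main__":
    nets, bad = parse_ranges(SAMPLE_LIST)
    print("rejected entries:", bad)
    for src, port in [("198.51.100.7", 443), ("198.51.100.7", 22),
                      ("192.0.2.10", 443), ("2001:db8:1000::1", 80)]:
        print(src, port, "pass" if is_permitted(src, port, nets) else "block")
```

Malformed list entries are reported rather than silently dropped, so a truncated or altered download does not quietly shrink or widen the allowlist.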
                  jycai @A Former User

                  @klaussemmler Thank you. I added the Cloudflare IP whitelist in pfBlockerNG as you suggested; however, Cloudflare proxying is still not working with HAProxy SSL offload on my Nextcloud website. I don't get the 502 error, but half of the page info is missing. It works when Cloudflare proxying is off.

                  I am running version 2.6 and will try 2.52 and 2.4 later on to see if it makes a difference.

                    A Former User @jycai

                    @jycai Okay, interesting. Another thing that could cause problems with Cloudflare is the encryption mode in the SSL/TLS menu. Try the modes Flexible, Full and Full (strict) and see if this fixes your problem.

                    [Image: Screenshot from 2022-04-01 09-07-50.png]

                      jycai @A Former User

                      @klaussemmler
                      Flexible mode - no connection at all
                      Full - loads half the page
                      Full (strict) - Error 526
                      V2.6, V2.52 and V2.4 with ACME or Cloudflare origin server certificate - all the same result. 😧

                        A Former User @jycai

                        @jycai I am kinda out of ideas. But you can try to toggle the options in SSL/TLS -> Edge Certificates.

                        And are you sure you use the correct certificates for all servers?

                          firewallwiki @jycai

                          @jycai With free CF, choose Flexible mode.
                          Check your pfSense firewall.
                          Sometimes the problem is at the frontend and backend. I removed and recreated them. It works.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.