Netgate Discussion Forum
    Multiple Web Servers

      viragomann @natethegreat21

      @natethegreat21
      I learned some things from here:
      https://github.com/ahuacate/pfsense-haproxy/blob/master/README.md
      https://docs.deeztek.com/books/pfsense/page/pfsense-haproxy-softether-vpn
      https://cbonte.github.io/haproxy-dconv/2.2/configuration.html

        natethegreat21 @viragomann

        @viragomann That's super helpful. Thank you so much!

          natethegreat21 @viragomann

          @viragomann I installed and set up the software, but for some reason it's not passing any traffic to the destinations. HAProxy 7.PNG HAProxy 6.PNG HAProxy 5.PNG HAProxy 4.PNG HAProxy 3.PNG HAProxy 2.PNG HAProxy 1.PNG

            natethegreat21 @natethegreat21

            @natethegreat21 Stats.PNG

              viragomann @natethegreat21

              @natethegreat21
              I'm not experienced with TCP mode, I only use https with SSL offloading.
              For http/s offloading mode you need to import your SSL certificates into pfSense.

              Anyway you need a pair of ACL + Action for each backend.
              Each ACL must have a unique name if you configure both in a single frontend, e.g. game, nextcloud.

              In TCP mode the proxy cannot read the host header, so it doesn't know the host name. It could only see the SNI.
              So you might have to uncheck the ACL expression you have to select something like "SNI extension matches" and enter the SAN name of the SSL certificate.

              Also I can't really see how you did the port 80 redirection.

              natethegreat21N 1 Reply Last reply Reply Quote 0
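
The TCP-mode setup described in the post above, written out as an added example (it is not from the thread or from any poster's configuration): one uniquely named ACL plus one action per backend, matched on the SNI. Host names, backend names and addresses are placeholders.

```haproxy
# Added example; host names, backend names and addresses are placeholders.
defaults
    mode tcp
    timeout connect 5s
    timeout client  1m
    timeout server  1m

frontend https_in
    bind :443
    mode tcp
    # Wait for the TLS ClientHello so the SNI is available to the ACLs.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # One ACL + one action per backend; each ACL name is unique.
    acl game      req.ssl_sni -i game.example.com
    acl nextcloud req.ssl_sni -i nextcloud.example.com
    use_backend game_backend      if game
    use_backend nextcloud_backend if nextcloud
    # No default_backend: a connection whose SNI matches neither ACL
    # is not forwarded to any server.

backend game_backend
    mode tcp
    server game 192.0.2.10:443 check

backend nextcloud_backend
    mode tcp
    server nextcloud 192.0.2.20:443 check
```

In this mode TLS is terminated on the backend servers, so the certificates stay there; only offloading mode needs them imported into pfSense.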
                natethegreat21 @viragomann

                @viragomann I'm going to change it to offloading. What are you missing for port 80? Does it not make sense? Yeah, so now it's saying the site can't provide a secure connection (SSL error), probably because the certs are not there. Should I just generate new certs or reuse the existing one on the Linux box?

                    viragomann @natethegreat21

                    @natethegreat21 said in Multiple Web Servers:

                    > What are you missing for port 80? Does it not make sense?

                    I simply cannot see how it works from your screenshots.

                    > Should I just generate new certs or reuse the existing one on the Linux box?

                    Sounds like you're using self-signed certificates.
                    If so, you can generate a new one as well, but you can also import existing certificates into pfSense using the cert manager and then assign them in HAProxy.

                      natethegreat21 @viragomann

                      @viragomann I just used Acme and generated some LetsEncrypt certs as well as added them to the DNS on my domain provider. Anything greyed out is my public IP or the web address.

                        natethegreat21 @viragomann

                        @viragomann http3.PNG http2.PNG http1.PNG

                          natethegreat21 @viragomann

                          @viragomann Backend 1.PNG

                            natethegreat21 @viragomann

                            @viragomann Frontend 3.PNG Frontend 2.PNG Frontend 1.PNG

                              natethegreat21 @natethegreat21

                              @natethegreat21 Closing this out and opening a new topic.

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.