Help with HAProxy and Docker
-
Hi all,
I need some advice, as I am slowly in despair configuring my pfSense...
I have a host running Docker behind my pfSense; there are multiple containers which I want to "publish" to the internet with SSL certs and their own (sub)domain.
I have installed ACME for LE certs and HAProxy for redirecting; dyndns is also set up.
Before I had a pfSense, I was able to use nginx for this task in a container as well, though after installing pfSense in my network I've been confronted with the DNS rebind attack error on all but one website. After that I figured, why not use the top-level FW for this instead of a container on the same hardware...
I am unable to accomplish this with HAProxy, as I find too many different approaches to this which either don't fit my purpose or don't work. Can someone give me a rundown of the things I have to set up and how I have to set them up?
I already have my certs and backends configured, though I'm unsure whether they (the backends) are correct.
Ports 80 and 443 are allowed from WAN to This Firewall (self), is this correct?
My services do have self-signed certs, but I want them to use my generated LE certs for every connection, inside and outside my network. As I remember, one has to set up a DNS rebind(?) for this; how do I manage that? I am sorry for the nooby approach to my question, I have to start from the beginning I suppose...
Kind regards :)
-
All right, I've done a factory reset and switched my dyndns provider; this one messed up and gave my domain the wrong IP. Now I've got my domain set up with the correct IP and have started again.
To this day, I have opened ports 80 & 443 on my appliance, though when I do an nmap on the IP/domain from outside the network(s), only port 80 is open. Has anyone had a similar issue? I made a simple rule WAN -> This Firewall (self) with TCP on 80 and the same for 443 in a separate rule.