Webserver behind pfSense and port forwarding Port 80
-
I have a Netgate 6100 used as my main firewall.
On the 6100 I have installed several packages, like Snort, Squid and ACME for certificate.
ACME is using port 80 / 443 to connect to the Let's Encrypt Server to automatically renew my certificate. This works great.
But now I want to have a webserver (and maybe even a second webserver as a filecloud server) behind my firewall.
However, they all use port 80 / 443.
What would be the best way to a) keep ACME using the port 80 / 443 for auto renewal of the certificates, b) configure my first webserver to use an alternative port number and c) use my filecloud Server to be accessible from outside my network.
-
You can use a reverse proxy, like HAProxy, to send requests to different URLs to different servers behind the firewall. And off-load the SSL to a cert on the proxy if you need to.
It's quite a complex setup though.
Steve
-
Hi @stephenw10
Many thanks for the quick reply.
So basically with HAProxy, it looks to the header of a package and based on that info it forwards to the correct Server?
I am not an expert in this but I do have some basic skills. (And I’m a fast learner :-) ha ha)
I will take a look at HAProxy and fiddle around with it a bit.
-
Take a look at: https://youtu.be/FJSHMyrd29E?t=1299
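-
The reverse-proxy layout discussed in this thread, sketched as a raw HAProxy configuration. This is an added example, not part of the original posts and not what the pfSense HAProxy package generates. The hostnames, internal addresses, certificate path and the local ACME responder port are all assumptions made for illustration.

```haproxy
# Added example. All names, IPs, ports and paths below are placeholders.
defaults
    mode http
    option forwardfor                  # pass the client IP to the backends
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_http
    bind :80
    # Let's Encrypt http-01 validation requests arrive on port 80 under this path.
    acl is_acme path_beg /.well-known/acme-challenge/
    use_backend be_acme if is_acme
    # Everything else on port 80 is redirected to HTTPS.
    http-request redirect scheme https code 301 unless is_acme

frontend fe_https
    # TLS is terminated here (SSL offloading), so the Host header is readable.
    bind :443 ssl crt /path/to/fullchain-and-key.pem
    acl host_web   hdr(host) -i www.example.com
    acl host_cloud hdr(host) -i cloud.example.com
    use_backend be_web   if host_web
    use_backend be_cloud if host_cloud
    # Unknown hostnames are refused instead of falling through to a server.
    default_backend be_deny

backend be_acme
    # Assumption: the ACME client answers challenges on a local high port.
    server acme 127.0.0.1:8089

backend be_web
    # The first webserver listens on an alternative internal port.
    server web1 192.168.1.10:8080 check

backend be_cloud
    # The filecloud server keeps its own HTTPS listener. "verify none" skips
    # backend certificate checks; use "verify required ca-file <path>" to enforce them.
    server cloud1 192.168.1.20:443 ssl verify none check

backend be_deny
    http-request deny deny_status 403
```

Only ports 80 and 443 on the firewall's WAN address need to be reachable from outside with this layout; the internal servers are reached solely through the proxy, so no separate port forwards to them are required.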