Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HA Proxy using HTTP with backend - Not configured for this

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 1 Posters 144 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      michmoor LAYER 8 Rebel Alliance
      last edited by

      Greetings
      Running into an very interesting issue with HA Proxy at the moment.
      I have a NAS on my backend that is listening on port 9901 with SSL.
      If i bypass HA Proxy and hit directly the https:x.x.x.x:9901 url i can access it.
      If i come in over my WAN i get greeted with the following message
      5e7b7a36-2ad3-4a56-b260-89b35dd90a09-image.png

      I checked my backend configuration to ensure it is communicating on using SSL and it is.
      bb119b46-3fb3-4bed-b33b-150d262639c7-image.png

      I then did a packet capture on my VLAN facing the server and i see the firewall trying to use HTTP completely ignoring the configuration. I have never seen this happen with HA Proxy
      a2970ecc-0ede-45ce-99b6-2b4fe50da542-image.png

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      M 1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @michmoor
        last edited by

        FIXED.

        All i did was remove backend and frontend configuration and re-added it.
        Working fine.
        pcaps now show TLS communication with backend.

        Definitely a bug. Trying to reproduce so i can open a redmine but so far i cant.

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.