Netgate Discussion Forum

    switch from HAProxy Manager to pfsense haproxy

      BassT @viragomann

      @viragomann you are right, there is no difference :)
      will try out more :)

        NightlyShark @BassT

        @BassT I assume you mean that:

        • You want a globally accessible DNS name that points to your HAProxy.
          -> Try visiting Cloudflare to buy a domain name
          -> Take a look at Cloudflare tunnels (cloudflared) and Cloudflare traditional proxied DNS (choose one or the other method)
        • You want to have a publicly trusted SSL/TLS certificate
          -> Install the ACME package and integrate with Cloudflare OR
          -> Let Cloudflare create a cert for you. In case of not choosing cloudflared, create self-signed certs for HAProxy via Cert Manager on pfSense.
          BassT @NightlyShark

          Hi @NightlyShark,

          not totally.
          I had a webspace with IP redirection. So the online services I can do, also with a trusted ACME certificate. Nextcloud runs correctly with https://cloud.mydomain.de

          What does not work for now is a DNS name with a trusted certificate for offline (local) servers.

          Let's say I want to make the pfSense UI accessible via pfsense.home/
          I made the certificate, but I cannot redirect pfsense.home to 192.168.1.1:10443
          The same settings as for Nextcloud don't work here; I think I missed something.

          So for this I need a tutorial to manage it ;)

            NightlyShark @BassT

            @BassT You can reuse the existing one by having split-DNS for the *.domain.de names, by using pfSense DNS Resolver static host overrides, like:
            [image]

              BassT @NightlyShark

              @NightlyShark but these services (not Nextcloud) should only be accessible from the local LAN or VPN, not from the internet.

              So I made certificates for *.home and *.smarthome.
              Will try it out with the DNS Resolver this evening ;)

                NightlyShark @BassT

                @BassT Make a *.domain.de cert via Let's Encrypt! You can, besides the non-wildcard one.

                  BassT @NightlyShark

                  @NightlyShark *.home was a sad example. I know wildcards don't work, so I make certificates for foo.home / bar.home, ... :)
                  But for local I don't need *.de

                  Later I will switch to pfsense.internal, because this should be used for local DNS in the future.

                    BassT @NightlyShark

                    @NightlyShark quick resolver test:

                    basst@Kubuntu-VM:~$ curl pfsense.home
                    curl: (6) Could not resolve host: pfsense.home

                    EDIT:
                    Also, how do I set HTTPS instead of HTTP, and the port, in the resolver settings?

                      NightlyShark @BassT

                      @BassT You don't set it in the resolver, you create a HAProxy HTTP (80) frontend that always redirects to HTTPS (443). As for the .local DNS, that is not exactly true. This applies to domains (not hosts) that are never accessible via internet. If a domain is on the internet, in order for local devices to be able to use the services directly, you use split-DNS like I showed.

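Added example, not part of the original thread and not a configuration posted by either participant: a raw haproxy.cfg equivalent of the HTTP (80) frontend that always redirects to HTTPS (443), plus a host-based route for pfsense.home that only local and VPN clients may use, as asked for earlier in the thread. The subnets, certificate paths and frontend/backend names are assumptions; on pfSense the HAProxy package generates the equivalent from its GUI settings.

```haproxy
# Added example. Names, subnets and file paths below are assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Port 80 does nothing except redirect; host and path are preserved.
frontend http_in
    bind 192.168.1.1:80
    http-request redirect scheme https code 301

# TLS terminates here with the certificate issued for the local names.
frontend https_in
    bind 192.168.1.1:443 ssl crt /path/to/local-services.pem   # placeholder path

    # Assumed LAN and VPN subnets; everything else is refused.
    acl from_local   src 192.168.1.0/24 10.8.0.0/24
    http-request deny deny_status 403 unless from_local

    # Route by requested host name; unmatched names get HAProxy's 503.
    acl host_pfsense hdr(host) -i pfsense.home
    use_backend pfsense_gui if host_pfsense

# The GUI itself listens on 10443 (from the thread) and speaks HTTPS.
backend pfsense_gui
    # Weak but common for a self-signed GUI certificate:
    #   server pfsense 192.168.1.1:10443 ssl verify none
    # Preferred: verify against the internal CA that signed the GUI cert.
    server pfsense 192.168.1.1:10443 ssl verify required ca-file /path/to/internal-ca.pem
```

Because requests reach the webConfigurator with Host: pfsense.home, that name also has to be listed in the GUI's alternate hostnames setting, otherwise its DNS-rebinding check rejects the request.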
                        NightlyShark @BassT

                        @BassT said in switch from HAProxy Manager to pfsense haproxy:

                        basst@Kubuntu-VM:~$ curl pfsense.home
                        curl: (6) Could not resolve host: pfsense.home

                        In that case, pfsense is the domain (e.g., pfsense.com) and home is the TLD (top-level domain, e.g. .com). In order for that to work, you would need to set a domain of pfsense.home:
                        [image]
