HA-Proxy, how to correctly set up a shared frontend with Offloading and TCP
-
Hi,
I'm new to HAProxy.
I have two local servers: one has an internal certificate, and the other one will sign/renew with pfSense. I need to create a shared frontend on 443 that works with these two servers. I followed and searched some guides to set up HAProxy correctly, but I found nothing about a shared frontend.
I ended up setting everything up as you see in the attachment, and it works: I can reach the endpoints without problems, and the certificates are all seen correctly when I try to connect from outside.
The problem is the warning you see. I don't know how to properly set up a shared frontend; if I shut down the two that are working for offloading and TCP, everything stops working.
Which guide can I follow, or what do you suggest adjusting for the shared frontend to work properly?
Thank you.
-
It looks like your setup is mostly working, but the warning could indicate a misconfiguration in HAProxy's frontend/backend handling. Since you're using a shared frontend on port 443, you might need to adjust your ACLs and SNI rules properly.
A few things to check:
Ensure that HAProxy is correctly routing traffic based on SNI (Server Name Indication).
If you're using TCP mode, make sure that SSL passthrough is configured correctly for both backends.
If you're offloading SSL at HAProxy, ensure that the certificates are properly assigned and that backend communication is happening over HTTP or correctly re-encrypted HTTPS.
If your setup involves a shared proxy, check that HAProxy is correctly handling multiple backend servers and not conflicting with SSL termination.
For guides, you might find these helpful:
HAProxy SNI Routing
HAProxy with pfSense
If you can share the exact warning message, it’ll be easier to troubleshoot further!
Let me know if you need any more refinements!
-
> If you're using TCP mode, make sure that SSL passthrough is configured correctly for both backends.
> If you're offloading SSL at HAProxy, ensure that the certificates are properly assigned and that backend communication is happening over HTTP or correctly re-encrypted HTTPS.
I'm using both of these two options because one server has the certificate inside it, while the other one is certified by HAProxy and the cert is on pfSense.
I need to mix these two modes, or tell me another way to do this correctly; I can't find anything for this scenario.
Thank you
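
The mixed setup discussed in this thread, as an added example that is not part of any post: a single TCP frontend owns port 443 and routes on SNI, sending one hostname straight through to the server that holds its own certificate and handing the other to a loopback-only frontend that terminates TLS. It is written in raw haproxy.cfg syntax rather than pfSense GUI fields; the hostnames, IP addresses, section names, loopback port and certificate path are all assumed placeholders.

```haproxy
defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# The only listener on 443. TCP mode: nothing is decrypted here.
frontend shared_443
    mode tcp
    bind :443
    option tcplog
    # Wait for the TLS ClientHello so the SNI value can be read.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # Server that keeps its own certificate: TLS passthrough.
    use_backend bk_passthrough if { req.ssl_sni -i app1.example.test }
    # Server whose certificate lives on the proxy: hand off for offloading.
    use_backend bk_to_offload  if { req.ssl_sni -i app2.example.test }
    # No default_backend: a ClientHello whose SNI matches neither name
    # is not forwarded to any server.

backend bk_passthrough
    mode tcp
    server app1 192.0.2.10:443 check

# Hop to the offloading frontend. PROXY protocol carries the real
# client address across the loopback connection.
backend bk_to_offload
    mode tcp
    server offload 127.0.0.1:8443 send-proxy-v2

# TLS terminates here. Bound to loopback only, so it is reachable
# solely through shared_443 and never directly from outside.
frontend offload_https
    mode http
    bind 127.0.0.1:8443 accept-proxy ssl crt /etc/haproxy/certs/app2.example.test.pem
    option forwardfor
    http-request set-header X-Forwarded-Proto https
    default_backend bk_app2

backend bk_app2
    mode http
    server app2 192.0.2.20:80 check
```

Running `haproxy -c -f` against the file checks the syntax before a reload. The hop from `bk_app2` to the server is plain HTTP, so it belongs on a trusted network segment.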