Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy Port Redirect Internal

    Scheduled Pinned Locked Moved Cache/Proxy
    28 Posts 3 Posters 297 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A Offline
      andrew_cb @spiker
      last edited by

      @spiker Mouse over L7STS/405 and see what it says.

      I am doing the same thing that you are trying, and it works for me.
      I do see that my Http check method is set to GET instead of OPTIONS, so try that and see if that fixes the health check status.

      S 1 Reply Last reply Reply Quote 0
      • S Offline
        spiker @viragomann
        last edited by spiker

        @viragomann

        Ok turned SSL offloading back on, and selected the valid cert I set up with Acme/letsencrypt.

        I set the new front end to listen on 2443 and killed all the ACL's and set the default backend to PFsense_FWL

        did not blur out my domain but I do not plan on opening any services from WAN anyway.

        cc7a130b-f3b2-4d3a-8214-8fb33749138c-image.png

        9533fc1d-1cca-44ab-9668-d7977017ecce-image.png

        7b5810e6-d60c-41a6-b58e-e9cf08be2df4-image.png

        1 Reply Last reply Reply Quote 1
        • S Offline
          spiker @andrew_cb
          last edited by spiker

          @andrew_cb

          "I am doing the same thing that you are trying, and it works for me.
          I do see that my Http check method is set to GET instead of OPTIONS, so try that and see if that fixes the health check status."

          e8318ba0-8ceb-4850-8782-f99a83f9848c-image.png

          80bf0330-2a27-4a2d-ad1b-0cfb18bdc58e-image.png

          770af198-83c3-4357-8afd-881e808ebdaa-image.png

          V 1 Reply Last reply Reply Quote 1
          • V Offline
            viragomann @spiker
            last edited by viragomann

            @spiker
            This is the web UI directly accessed.

            What do you get without the port stated?

            Edit:
            Oh well, your frontend ist listening on port 2443 now.

            V S 2 Replies Last reply Reply Quote 0
            • V Offline
              viragomann @viragomann
              last edited by

              As the error message indicates, your web UI is forced to use https, but HAproxy uses http for accessing it.

              S 1 Reply Last reply Reply Quote 1
              • S Offline
                spiker @viragomann
                last edited by

                @viragomann

                Yeah directly accessed would be on port 10443, and that works just fine, cert and all.

                I do have a rule on all other interfaces/networks to block port 10443, but I am on the network that is stated in the front end and that interface has no rule to block 10443 to the FWL address.

                1 Reply Last reply Reply Quote 0
                • S Offline
                  spiker @viragomann
                  last edited by

                  @viragomann

                  Yeah I am using https to access it, crome will redirect to https anyway even if I try http.

                  V 1 Reply Last reply Reply Quote 0
                  • V Offline
                    viragomann @spiker
                    last edited by

                    @spiker
                    I was talking about the backend.
                    Do you still have "Encrypt (SSL)" checked and "SSL checks" unchecked in the backend?

                    S 1 Reply Last reply Reply Quote 0
                    • S Offline
                      spiker @viragomann
                      last edited by

                      @viragomann

                      I have the reverse at the moment.

                      76f00af4-d613-4a4e-a41c-f77c6185e658-image.png

                      S 1 Reply Last reply Reply Quote 0
                      • S Offline
                        spiker @spiker
                        last edited by

                        Hey that worked....

                        Thank you for your time here guys, I am new to all of this but you guys were amazing.

                        1 Reply Last reply Reply Quote 1
                        • S Offline
                          spiker
                          last edited by spiker

                          I put back on the ACL and moved the front end listener to 443 and it all works... Pushed the cert for the web management page back to the self signed one and HAProxy is SSL offloading with the signed cert! Man cant thank you guys enough.

                          V 1 Reply Last reply Reply Quote 1
                          • V Offline
                            viragomann @spiker
                            last edited by

                            @spiker
                            Great!

                            Remember, "Encrypt (SSL)" means, that HAproxy uses HTTPS to connect to the backend.
                            "SSL checks" means, that it checks the SSL certificate of the backend server. I.e. the certificate has to be valid.

                            S 1 Reply Last reply Reply Quote 1
                            • S Offline
                              spiker @viragomann
                              last edited by

                              @viragomann

                              Thank you, I had that a bit flipped in my mind!

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.