Netgate Discussion Forum

    Best practise for using HAProxy for internal servers?

      shad0wca7

      I'd like to have a bunch of my docker containers having nice, easy-to-access URLs rather than port numbers etc. I have HAProxy working using https for some external servers but I'd like to use it for these internal servers.

      I tried a little experiment by writing the IP into the DNS Resolver and then resolving that IP to pfSense for HAProxy to pick up (on port 80 this time) but got into a lot of strange behaviour with the router suspecting DNS rebinding attacks and almost at one point making the web admin page unavailable / unresponsive (it somehow magically came back...). I'm quite sure I'm not doing that correctly, so how do I use HAProxy on pfSense to manage internal servers that I never want to be resolved from the WAN side?

        costanzo

        @shad0wca7 said in Best practise for using HAProxy for internal servers?:

        I'd like to have a bunch of my docker containers having nice, easy-to-access URLs rather than port numbers etc. I have HAProxy working using https for some external servers but I'd like to use it for these internal servers.

        I have something similar set up. I use a virtual IP, 192.168.1.25, and have my HAProxy Front End listening on this virtual IP.


        The HAProxy "backends" point to the internal server IPs; however, I use the Host override in the DNS to point to the same virtual IP used in the HAProxy Frontend.

        In your example, you would set up and point to all your docker servers in the backend, then create a DNS host override to point each of the docker servers to the same virtual IP used by HAProxy.

        With this setup, people accessing the URL from inside the network reach the correct server. For example, printer.example.com would reach 192.168.1.25.


        Hope this helps.

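The layout costanzo describes, written out as a plain haproxy.cfg fragment. This is an added example, not configuration from any poster in this thread; on pfSense the same settings are entered through the HAProxy package and DNS Resolver pages. Only 192.168.1.25 and printer.example.com come from the post; the second hostname, the backend names and the server addresses are assumptions.

```haproxy
# DNS side (pfSense DNS Resolver host overrides, shown here as comments):
#   printer.example.com -> 192.168.1.25   (from the post)
#   app1.example.com    -> 192.168.1.25   (hypothetical container name)
# Every internal name resolves to the same virtual IP. The overrides exist
# only in the local resolver, so nothing is published in public DNS.

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend internal_http
    # Bind only to the LAN virtual IP. There is no listener on the WAN
    # address or on the address that serves the pfSense web admin page.
    bind 192.168.1.25:80

    # Match on the Host header the browser sends after resolving the override.
    acl host_printer hdr(host) -i printer.example.com
    acl host_app1    hdr(host) -i app1.example.com

    # Any other Host header is refused with a 403 instead of reaching a backend.
    http-request deny unless host_printer or host_app1

    use_backend be_printer if host_printer
    use_backend be_app1    if host_app1

backend be_printer
    # Hypothetical internal address of the printer.
    server printer 192.168.1.50:80 check

backend be_app1
    # Hypothetical Docker host and published container port.
    server app1 192.168.1.51:8080 check
```

The file can be syntax-checked with `haproxy -c -f <file>` before the equivalent settings are applied.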
          shad0wca7 @costanzo

          @costanzo This is basically exactly what I ended up doing as well after thinking about it further (but forgot to post in here).

          Glad to see I'm not the only one coming to this conclusion of how to set it up. Seems reliable.

            superloser

            @costanzo

            Your solution is so simple and works perfectly. I basically already had this set up for my WAN interface. And just needed to do the same for my internal networks. You have no idea the countless hours I have spent attempting to get DNS and whatnot to work internally with my HAProxy. And the endless opinions and options everywhere.

            Seriously, thank you so so so much. 👏 😊 😊 😊
