problem configuring HAproxy with subdomains
-
@bensz
Have you made a firewall rule on the WAN to allow TCP access from any to wanip:80? -
Is that correct, as I've done it?
-
@bensz
Yes. Dolizelec Default Page. It works!
-
Thank you,
I'll continue to search with certbot why it doesn't want to work.
Thanks again
Benoit -
@bensz
So now you should be able to use ACME to get a certificate; after that the HTTPS site should be configured with it. -
@bensz said in problem configuring HAproxy with subdomains:
search with certbot why it doesn't want to work.
Previously you got the message "Timeout during connect (likely firewall problem)". I think that should be solved now. So what error are Certbot / the LE servers reporting now?
-
Certbot reply:
-
The following errors were reported by the server:
Domain: dolizelec.zelec.homelinux.net
Type: unauthorized
Detail: Invalid response from
http://dolizelec.zelec.homelinux.net/.well-known/acme-challenge/_bWOWkqCKIrs7bOzwJbxGLfmetEfGCG6phCO8q4CqdY
[92.188.16.194]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML
2.0//EN">\n<html><head>\n<title>404 Not
Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
-
-
Hello,
I solved things with certbot, but now my problem is that port 443 goes to the pfSense webGUI instead of my HAProxy backend.
I don't understand why
Thanks -
@bensz
Is the webGUI still configured on :4433?
Is HAProxy still the only service listening on :443?
Is HAProxy configured to forward traffic to the pfSense webGUI with some backend? Maybe an ACL doesn't match properly and sends the traffic to that backend.
Do you have a NAT rule that points 443 traffic to the webGUI port? -
Hi,
The webGUI is on port 4433.
As far as I know, HAProxy is the only service listening on 443.
There's no backend to the webGUI. For the moment, I have 2 frontends, 1 for port 80 and 1 for port 443, and 2 backends for the same reason.
I use a NAT rule for 443, but it's for my old server, and I disabled it for the test.
My new server (in a subdomain) and my old server (with NAT) use Apache. And when I try to get a certificate with LE, the reply is an nginx server reply on 443. As I don't have any nginx server, I suppose it's the webGUI which is served by nginx. Thanks
Here is my haproxy.cfg if that can help:
haproxy.txt -
@bensz said in problem configuring HAproxy with subdomains:
the reply is a nginx server reply in 443
That might be, but the pfSense webGUI does not seem to send the
<!DOCTYPE HTML PUBLIC
which the certbot error shows, so if it is nginx then it's a different nginx server than the one running on pfSense. I doubt it's finding its way to the webGUI. Your Apache server, however, does send that doctype when requested for a page that does not exist. I think the certbot > Let's Encrypt request does properly land on the Apache server, but maybe the token file was just not placed in the correct subfolder? -
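The "token not in the correct subfolder" diagnosis in the reply above can be checked without waiting on Let's Encrypt. The script below is an added example, not code from this thread, certbot or pfSense: it imitates what certbot's webroot plugin does (write the token file under the webroot) and what the ACME server then does (fetch http://host/.well-known/acme-challenge/<token> and compare the body with the key authorization), using a local Python static file server in place of Apache. The token is the one quoted in the certbot error above; the account-key thumbprint, the webroot paths and the localhost port are constructed for the demo.

```python
"""Reproduce Let's Encrypt's HTTP-01 check against a local webroot.

Added example, not from the forum thread or from certbot/pfSense.
It writes the challenge token the way certbot --webroot does, serves the
webroot the way Apache would, and fetches the token the way the ACME
server does, so the "404 Not Found" from the thread can be reproduced
when the token lands in the wrong subfolder.
"""
import http.server
import os
import tempfile
import threading
import urllib.error
import urllib.request
from functools import partial

CHALLENGE_SUBDIR = os.path.join(".well-known", "acme-challenge")
# Token quoted in the thread's certbot error; the thumbprint is made up.
TOKEN = "_bWOWkqCKIrs7bOzwJbxGLfmetEfGCG6phCO8q4CqdY"
KEY_AUTHZ = TOKEN + ".EXAMPLE_ACCOUNT_KEY_THUMBPRINT"


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    """Static file server standing in for Apache; no request logging."""

    def log_message(self, fmt, *args):
        pass


def write_token(webroot, subdir, token, content):
    """What certbot --webroot does: drop <token> under webroot/<subdir>."""
    target = os.path.join(webroot, subdir)
    os.makedirs(target, exist_ok=True)
    with open(os.path.join(target, token), "w", encoding="utf-8") as fh:
        fh.write(content)


def serve(webroot):
    """Serve webroot on an ephemeral localhost port in a background thread."""
    handler = partial(QuietHandler, directory=webroot)
    httpd = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd


def validate_http01(base_url, token, expected):
    """What the ACME server does: GET the token and compare the body."""
    url = f"{base_url}/.well-known/acme-challenge/{token}"
    try:
        with urllib.request.urlopen(url, timeout=5) as resp:
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:
        # e.g. "404 File not found": the file is not where the server looks
        return False, f"{exc.code} {exc.reason}"
    except urllib.error.URLError as exc:
        # e.g. connect timeout: firewall / NAT / HAProxy frontend problem
        return False, f"connect error: {exc.reason}"
    if body.strip() != expected:  # RFC 8555 tolerates trailing whitespace
        return False, f"unexpected body: {body[:40]!r}"
    return True, "ok"


def run_case(subdir, content):
    """Write the token under webroot/<subdir>, serve, validate, tear down."""
    with tempfile.TemporaryDirectory() as webroot:
        write_token(webroot, subdir, TOKEN, content)
        httpd = serve(webroot)
        try:
            base = f"http://127.0.0.1:{httpd.server_address[1]}"
            return validate_http01(base, TOKEN, KEY_AUTHZ)
        finally:
            httpd.shutdown()
            httpd.server_close()


def run_demo():
    """Three constructed situations; returns {name: (passed, detail)}."""
    return {
        # certbot -w pointed at the vhost's real DocumentRoot
        "correct_webroot": run_case(CHALLENGE_SUBDIR, KEY_AUTHZ),
        # token written to <webroot>/acme-challenge/ instead of .well-known/...
        "wrong_subfolder": run_case("acme-challenge", KEY_AUTHZ),
        # stale token file from an earlier run: served, but wrong content
        "stale_token": run_case(CHALLENGE_SUBDIR, TOKEN + ".OLD_THUMBPRINT"),
    }


if __name__ == "__main__":
    for name, (ok, detail) in run_demo().items():
        print(f"{name:16} {'PASS' if ok else 'FAIL'}  {detail}")
```

Against a real host, the same three outcomes map onto the thread: a connect error is the earlier "Timeout during connect" (firewall or NAT), a 404 means the request reached a web server that does not have the file where it looks for it (wrong -w webroot, or HAProxy sending the request to a different backend than the one certbot wrote into), and a body mismatch means an old token file is being served. Running the check from outside the LAN matters, since the ACME server connects to the WAN address, not to the internal host.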
You're right. I deleted certbot and installed a self-signed certificate. That works correctly. The problem comes from LE. As the server is empty, I will reinstall it.
Thank you for your help
Benoit