<![CDATA[HAProxy to pfsense webui]]>Hi,
I have haproxy setup to reverse proxy (both :80 and :443) to several servers successfully however I have been trying to also use haproxy to reverse proxy to pfsense web ui with no success.

pfsense is set to port 443.

FrontEnd:
  SSLSharedFrontend, WAN, 443, Type ssl/https.
  – pfSenseFrontEnd, Primary SSLSharedFrontend,  ACL set to "SNI TLS Matches pfsense.mydomain.com, Action uses backend pfsenseBackend.

Backend:
  pfsenseBackend, 127.0.0.1, 443, SSL no, HealthCheck none, Use client-ip.

Under Firewall Rules I have tried several settings the latest being
LAN:  ipv4, *, *, 127.0.0.1, 443, *, none
WAN: ipv4, *, *, WAN address, 443, *, none

and I disabled the previous pfsense remote access working port forward :8080 to :443

No matter what I try I get a 503 Service Unavailable when I access the domain from an external network (ie mobile phone).

Has anyone managed to do this successfully or have any advise on what I'm doing wrong.

Thanks
Blendin_Blandin

]]>https://forum.netgate.com/topic/100995/haproxy-to-pfsense-webuiRSS for NodeFri, 10 Apr 2026 09:54:55 GMTSat, 04 Jun 2016 10:04:34 GMT60<![CDATA[Reply to HAProxy to pfsense webui on Sun, 05 Jun 2016 11:59:30 GMT]]>Hi Blendin_Blandin,

For HTTP health checks you can do the following:

  • enable 'ssl' on the backend server
  • Http check method : HEAD
    Though i would probably set a very low check frequency (once a minute or so.?.) or maybe not check at al..

As for the certificate, as your passing the traffic with mode tcp so haproxy doesnt need any additional settings there, a valid certificate needs to configured for the webgui though for the name your typing in the browser.

Regards
PiBa-NL

]]>https://forum.netgate.com/post/629648https://forum.netgate.com/post/629648Sun, 05 Jun 2016 11:59:30 GMT<![CDATA[Reply to HAProxy to pfsense webui on Sun, 05 Jun 2016 08:47:58 GMT]]>Hi PiBa,
I thought I had tried that before so not sure why it works now but once I disabled client-ip it works. Its complaining about the ssl certificate so I need to deal with that next but its progress.

As per health check I have only been able to get basic to work with pfsense.

Thanks

]]>https://forum.netgate.com/post/629630https://forum.netgate.com/post/629630Sun, 05 Jun 2016 08:47:58 GMT<![CDATA[Reply to HAProxy to pfsense webui on Sat, 04 Jun 2016 17:31:33 GMT]]>Hi Blendin_Blandin,

Have you tried without the 'Use client-ip.' ?

If you enable healthchecking it does show success on the stats page.?

Regards,
PiBa-NL

]]>https://forum.netgate.com/post/629562https://forum.netgate.com/post/629562Sat, 04 Jun 2016 17:31:33 GMT