HAProxy to pfsense webui
I have haproxy setup to reverse proxy (both :80 and :443) to several servers successfully however I have been trying to also use haproxy to reverse proxy to pfsense web ui with no success.
pfsense is set to port 443.
SSLSharedFrontend, WAN, 443, Type ssl/https.
– pfSenseFrontEnd, Primary SSLSharedFrontend, ACL set to "SNI TLS Matches pfsense.mydomain.com, Action uses backend pfsenseBackend.
pfsenseBackend, 127.0.0.1, 443, SSL no, HealthCheck none, Use client-ip.
Under Firewall Rules I have tried several settings the latest being
LAN: ipv4, *, *, 127.0.0.1, 443, *, none
WAN: ipv4, *, *, WAN address, 443, *, none
and I disabled the previous pfsense remote access working port forward :8080 to :443
No matter what I try I get a 503 Service Unavailable when I access the domain from an external network (ie mobile phone).
Has anyone managed to do this successfully or have any advise on what I'm doing wrong.
Have you tried without the 'Use client-ip.' ?
If you enable healthchecking it does show success on the stats page.?
I thought I had tried that before so not sure why it works now but once I disabled client-ip it works. Its complaining about the ssl certificate so I need to deal with that next but its progress.
As per health check I have only been able to get basic to work with pfsense.
For HTTP health checks you can do the following:
- enable 'ssl' on the backend server
- Http check method : HEAD
Though i would probably set a very low check frequency (once a minute or so.?.) or maybe not check at al..
As for the certificate, as your passing the traffic with mode tcp so haproxy doesnt need any additional settings there, a valid certificate needs to configured for the webgui though for the name your typing in the browser.