Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy to pfsense webui

    Scheduled Pinned Locked Moved Cache/Proxy
    4 Posts 2 Posters 4.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      Blendin_Blandin
      last edited by

      Hi,
      I have haproxy setup to reverse proxy (both :80 and :443) to several servers successfully however I have been trying to also use haproxy to reverse proxy to pfsense web ui with no success.

      pfsense is set to port 443.

      FrontEnd:
        SSLSharedFrontend, WAN, 443, Type ssl/https.
        – pfSenseFrontEnd, Primary SSLSharedFrontend,  ACL set to "SNI TLS Matches pfsense.mydomain.com, Action uses backend pfsenseBackend.

      Backend:
        pfsenseBackend, 127.0.0.1, 443, SSL no, HealthCheck none, Use client-ip.

      Under Firewall Rules I have tried several settings the latest being
      LAN:  ipv4, *, *, 127.0.0.1, 443, *, none
      WAN: ipv4, *, *, WAN address, 443, *, none

      and I disabled the previous pfsense remote access working port forward :8080 to :443

      No matter what I try I get a 503 Service Unavailable when I access the domain from an external network (ie mobile phone).

      Has anyone managed to do this successfully or have any advise on what I'm doing wrong.

      Thanks
      Blendin_Blandin

      1 Reply Last reply Reply Quote 0
      • P
        PiBa
        last edited by

        Hi Blendin_Blandin,

        Have you tried without the 'Use client-ip.' ?

        If you enable healthchecking it does show success on the stats page.?

        Regards,
        PiBa-NL

        1 Reply Last reply Reply Quote 0
        • B
          Blendin_Blandin
          last edited by

          Hi PiBa,
          I thought I had tried that before so not sure why it works now but once I disabled client-ip it works. Its complaining about the ssl certificate so I need to deal with that next but its progress.

          As per health check I have only been able to get basic to work with pfsense.

          Thanks

          1 Reply Last reply Reply Quote 0
          • P
            PiBa
            last edited by

            Hi Blendin_Blandin,

            For HTTP health checks you can do the following:

            • enable 'ssl' on the backend server
            • Http check method : HEAD
              Though i would probably set a very low check frequency (once a minute or so.?.) or maybe not check at al..

            As for the certificate, as your passing the traffic with mode tcp so haproxy doesnt need any additional settings there, a valid certificate needs to configured for the webgui though for the name your typing in the browser.

            Regards
            PiBa-NL

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.