Netgate Discussion Forum

    HAproxy Routing Assistance - External Resolution Fail and Internal Weirdness

    pfSense Packages
      thisnerdyguy

      Hello,

      I figure two fruitless posts on Reddit and it's time to come ask the big dogs here at the official watering hole.

      I want to use HAproxy so I can give out a URL to my family for Ombi/Plexrequests.

      I want the URL to be a sub-domain with the syntax of: request.FQDN.com.

      I have my domain registered through Google Domains.
      Within Google Domains DNS, I have set request.FQDN.com to WAN.IP.

      Within pfSense, I have a WAN firewall rule to pass 8080 to self/This Firewall.

      I have a front-end configured listening on WAN.IP:8080
      With an ACL looking for request.FQDN.com >> Using the Backend of Ombi which is set for LAN.IP:3579.

      Internally, if I go to request.FQDN.com it loads the pfSense WebUI with a Rebind DNS attack warning.
      However, internally, if I go to request.FQDN.com:8080 it redirects to the Ombi/PlexRequests login page as desired.
      This was due to my using my cellphone with LTE+Wifi. Using a local-only client, it fails to resolve completely internally.

      Externally, I only receive "connection refused" messages. I've never gotten it to resolve through HAproxy externally.
      Edit: I just tried accessing request.FQDN.com:8080 externally and it redirected properly!

      ~~Despite my dozen other forwarded ports that have been set up for years, I wanted to make sure I knew what I was doing. NAT'ing the direct port to my LAN IP allows for external resolution just fine, but it's ugly since it redirects from request.FQDN.com to WAN.IP:3579 in the address bar. I am, admittedly, being a stickler for the details in not accepting that as a valid option, but I'd prefer to rely on the security of HAproxy than some still-in-development login portal.~~

      ~~I've been at this now for over 12 hours… I confirmed with Ombi/PlexRequests developer that, with a sub-domain setup specifically, the Base URL field is not necessary.~~

      With this new finding, my question is now: how can I make it so that request.FQDN.com is all that is needed?
      request.FQDN.com:8080, while functional, goes against my "easy URL" desire.

      Please let me know if there is any information or logs that can help (the proverbial) you in helping (the real) me.

        gerby123

        If you want to just be able to give out host.fqdn.com as the URL, you'll need to move the front end to port 80. I would suggest that instead you move it to 443 and use the ACME package to add TLS to your service; users would then have to use https://host.fqdn.com but you'd provide a bit more security if you're using any kind of username / password on Ombi.
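
The layout suggested in the reply above, written out as raw HAProxy configuration (an added example, not posted by either participant and not the file the pfSense package generates). WAN.IP, LAN.IP and request.FQDN.com are the thread's placeholders, the certificate path is hypothetical, and it assumes nothing else on the firewall is already listening on WAN ports 80 and 443.

```haproxy
# Constructed sketch. Replace WAN.IP / LAN.IP / request.FQDN.com with real
# values; the .pem path below is a hypothetical location for the ACME
# certificate and key bundle.

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Port 80 exists only so that a bare "request.FQDN.com" typed into a browser
# lands somewhere. Every request is sent on to HTTPS; nothing is proxied here.
frontend http_in
    bind WAN.IP:80
    http-request redirect scheme https code 301

# TLS terminates on the firewall, so the Ombi login is encrypted on the
# Internet side even though the backend itself speaks plain HTTP on the LAN.
frontend https_in
    bind WAN.IP:443 ssl crt /path/to/request.FQDN.com.pem

    # On the default ports browsers send the Host header without a port
    # suffix, so an exact, case-insensitive match on the name is sufficient.
    acl host_request hdr(host) -i request.FQDN.com
    use_backend ombi if host_request

    # Deliberately no default_backend: a request with any other Host value
    # (scanners hitting the bare IP, other names pointed at WAN.IP) gets
    # HAProxy's 503 instead of being forwarded to Ombi.

backend ombi
    # The same backend as in the question: Ombi on the LAN at port 3579.
    server ombi LAN.IP:3579 check
```

The WAN firewall rule passing 8080 to "This Firewall" would be replaced by rules for 80 and 443, and the 8080 rule can then be removed so only the proxied ports are exposed.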
