Netgate Discussion Forum

    HAProxy SSL Offloading for non-HTTPS services (IMAP, SSH, etc.)

      hyperg0at

      Howdy, I'm looking to use pfSense with the ACME cert package to manage my domain's Let's Encrypt certificate and be the public face of my domain so I don't have to worry about the short renewal period of the cert.

      I've configured HAProxy to do ssl offloading for the HTTPS service (and proxy to the server HTTPS port) and that's working exactly as I would expect. Just configuring a transparent ssl proxy to the tcp services is also working. The problem occurs when I configure those frontends to use ssl offloading. At that point, there are ssl handshake errors attempting to connect with those services.

      From the documentation it seems like this kind of setup should work given that the frontend offload certificate is valid, the backend is configured as 'ssl on' and the frontend type is set to 'ssl/https (tcp)'.

      Any ideas on something I'm missing? It doesn't feel like a problem with HAProxy running into issues offloading onto another ssl connection to the backend (it works for HTTPS).

      Any suggestions are much appreciated!

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.