HAProxy - exposed admin login
I setup HAProxy listening on port 80 and 443. I port forwarded the adsl modem to these ports. Website etc was working fine.
I had to change out the ADSL modem today, so connected a new modem up, port forwarded 80 and 443 to 80 and 443 on the pfsense server. However, I surf to the web address and the pfsense admin login screen is shown.
How comes the web config is bound to the WAN address? Should I have HAProxy listen on something other than 80 and 443? Is there some race condition for the use of port 80 and 443 between the web admin and haproxy to explain why it was working before?
Should I have HAProxy listen on something other than 80 and 443?
No, you should have the webGUI listen on something else.
Thanks - hoping there was a way to not bind the web gui to the wan interface. Minor quirk but it was quite nice accessing the gui on https on the lan via an internal URL without having to specify another port.
And you can still do that with HAproxy. Put another frontend on your LAN. Doing it all the time.
Awesome and ingenious. Thanks
To help anyone else who googles a similar issue - I set this all up and it was failing on HAProxy health check and wouldn't work. Digging around, googling, viewing the log etc, I finally noticed that the logs shows (for the health check after turning logging on for this).
….....is DOWN, reason: Layer7 wrong status, code: 405, info: "Not Allowed"
Googled and then realised that the code 405 is a HTTP code, and HTTP 405 is "Method Not Allowed".
I changed the health check HTTP check method from OPTIONS to a simple GET.
This resolved it.
Thanks again for to doktornotor for such a simple elegant solution.