<![CDATA[HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE)]]>–-- Found my answer, scroll below to see the configuration details ----

For the following I have no idea an total noob on this, help very appreciated.

Question: Howto let PFSense translate incomming HTTPS into HTTP

On the server i have running a http service (a old peace of software with a built in HTTP service)
Is it achievable to put PFSense intercept HTTPS request from a client and forward this as a HTTP request to the HTTP service?

See also the drawing.

Thank you.

edit: After an better understanding, changed the tittle more appropriate.
Drawing3.jpg
Drawing3.jpg_thumb

]]>https://forum.netgate.com/topic/121635/haproxy-offload-https-from-internet-into-http-working-config-exampleRSS for NodeSat, 11 Apr 2026 12:31:29 GMTWed, 18 Oct 2017 21:03:57 GMT60<![CDATA[Reply to HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE) on Tue, 26 Mar 2019 16:55:47 GMT]]>NFM! thanks.

]]>https://forum.netgate.com/post/833135https://forum.netgate.com/post/833135Tue, 26 Mar 2019 16:55:47 GMT<![CDATA[Reply to HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE) on Tue, 26 Mar 2019 15:50:53 GMT]]>

Last Online 23 Oct 2017, 23:46

You can probably wait a long time. Better do some RTFM:
https://github.com/PiBa-NL/pfsense-haproxy-package-doc/wiki
http://www.haproxy.org/#docs

]]>https://forum.netgate.com/post/833117https://forum.netgate.com/post/833117Tue, 26 Mar 2019 15:50:53 GMT<![CDATA[Reply to HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE) on Tue, 26 Mar 2019 15:45:46 GMT]]>add me to the list of people who would like to see the screenshots, please re-add if possible.

]]>https://forum.netgate.com/post/833115https://forum.netgate.com/post/833115Tue, 26 Mar 2019 15:45:46 GMT<![CDATA[Reply to HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE) on Tue, 05 Mar 2019 17:12:20 GMT]]>Hello Sokolum,
The pictures you posted are gone, care to reup? I really want to follow what you put here!

]]>https://forum.netgate.com/post/828321https://forum.netgate.com/post/828321Tue, 05 Mar 2019 17:12:20 GMT<![CDATA[Reply to HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE) on Fri, 20 Oct 2017 09:01:30 GMT]]>ok, I have got it working and this example I like to share is the most basic, essentially needed to make it work.
The whole setup is running on PFSense 2.4.0-RELEASE (the latest release in October 2017).

This drawing is to show how the traffic will flow within PFSense.
I have used different PORT NUMBERS, so you can actually see what is happening.

6 majors steps are needed to complete:

1) Installing: SystemPackage Manager > HAProxy package
  5) Adding: Firewall > Virtual IPs
  3) Configure: Service > HAProxy > Settings
  4) Configure: Service > HAProxy > Backend
  5) Configure: Service > HAProxy > Frontend
  6) Adding: Firewall > NAT > Port Forward

1) Installing the package, just add it.

2) Adding: Firewall > Virtual IPs
Virtual IP is added to have a better control and understanding for what is happening, not need, but it helped me understand how it all works.

3a)  Configure: Service > HAProxy > Settings
Enable "HAProxy" and set a limit of connections you desire, I choose "50"

3b)  Configure: Service > HAProxy > Settings
Set the "Internal Stat Port", I have choose for the example "2200".

3c)  Configure: Service > HAProxy > Settings
Set the "MAX SSL Diffie-Hellman size", I have choosen for "2048".

4a) Configure: Service > HAProxy > Backend
Configure as shown:

4b) Configure: Service > HAProxy > Backend
This how it looks on the Backend tab when finnished.

5a) Configure: Service > HAProxy > Frontend
Configure as shown:

5b) Configure: Service > HAProxy > Frontend
Configure as shown:

5c) Configure: Service > HAProxy > Frontend
This how it looks on the Frontend tab when finnished.

6) Adding: Firewall > NAT > Port Forward
And a NAT Port Forward for the Incoming traffic from the Internet to the Virtual IP:

6) Adding: Firewall > NAT > Port Forward
The rule on the WAN interface is automatically added, if not, this is how it looks like:

This is literally all what is needed….
Good luck!

package.PNG
package.PNG_thumb
settings-01.PNG
settings-01.PNG_thumb
settings-02.PNG
settings-02.PNG_thumb
settings-03.png
settings-03.png_thumb
frontend-01.PNG
frontend-01.PNG_thumb
frontend-02.PNG
frontend-02.PNG_thumb
frontend-03.PNG
frontend-03.PNG_thumb
backend-01.PNG
backend-01.PNG_thumb
backend-02.PNG
backend-02.PNG_thumb
![Virutal IP.PNG](/public/imported_attachments/1/Virutal IP.PNG)
![Virutal IP.PNG_thumb](/public/imported_attachments/1/Virutal IP.PNG_thumb)
![NAT rule.PNG](/public/imported_attachments/1/NAT rule.PNG)
![NAT rule.PNG_thumb](/public/imported_attachments/1/NAT rule.PNG_thumb)
![WAN rule.png](/public/imported_attachments/1/WAN rule.png)
![WAN rule.png_thumb](/public/imported_attachments/1/WAN rule.png_thumb)
Drawing1.png
Drawing1.png_thumb

]]>https://forum.netgate.com/post/729220https://forum.netgate.com/post/729220Fri, 20 Oct 2017 09:01:30 GMT<![CDATA[Reply to HAProxy - Offload HTTPS (from internet) into HTTP (WORKING + config EXAMPLE) on Wed, 18 Oct 2017 21:27:01 GMT]]>Use HAproxy.

]]>https://forum.netgate.com/post/728919https://forum.netgate.com/post/728919Wed, 18 Oct 2017 21:27:01 GMT