Docker behind pfsense: haproxy, traefik, or ... ?
sgw last edited by
As discussed in other threads here I am happily using HAproxy on pfsense to proxy https to various servers in my LANs. So far they are mostly VMs in a VMware Vsphere environment, they get static DHCP-leases from pfsense and things work out fine.
Now I added docker ... and this introduces additional networking. I set up traefik as proxy container within docker ... and now I start to wonder how to do the "ideal setup": traefik could pull LE-certs via ACME by itself, but this would only work or make sense for the containers. Should I introduce a subdomain like "docker.my.tld" for this tree of containers ...
I would like to learn how others handle a mixed environment like this and avoid any pitfalls.
sgw last edited by sgw
Noone? ok ... I just add some thoughts here, maybe someone chimes in ...
Did my first tests here and as far as I get it, it will be better to decide for one spot to do the SSL-termination.
So far I couldn't get things working with both ACME on pfsense (managing the certs for pfsense itself and some already existing VMs) and additional traefik trying to pull certs for the docker containers.
I assume it should be possible though ;-)
If HAproxy on pfsense filters out all traffic going to ".docker.my.tld" and forwards that to the traefix-proxy things should work, I assume.
Another option would be to run traefik for http only ... but then I lose much of the magic features it brings.
poppahorse last edited by
I ended up getting stuck in the same situation. Ended up just getting rid of HAProxy and letting Traefik handle all proxying requirements.
If I tried to use both, HAProxy would not recognise anything in Traefik and report with a 503.
IMO Traefik is easier to config and use.