Docker behind pfsense: haproxy, traefik, or ... ?

  • As discussed in other threads here, I am happily using HAProxy on pfsense to proxy https to various servers in my LANs. So far they are mostly VMs in a VMware vSphere environment; they get static DHCP leases from pfsense and things work out fine.

    Now I added docker ... and this introduces additional networking. I set up traefik as proxy container within docker ... and now I start to wonder how to do the "ideal setup": traefik could pull LE-certs via ACME by itself, but this would only work or make sense for the containers. Should I introduce a subdomain like "" for this tree of containers ...

    I would like to learn how others handle a mixed environment like this and avoid any pitfalls.

  • No one? OK ... I'll just add some thoughts here, maybe someone chimes in ...

    Did my first tests here and as far as I get it, it will be better to decide on one spot to do the SSL termination.
    So far I couldn't get things working with both ACME on pfsense (managing the certs for pfsense itself and some already existing VMs) and additional traefik trying to pull certs for the docker containers.

    I assume it should be possible though ;-)

    If HAProxy on pfsense filters out all traffic going to "" and forwards that to the traefik-proxy, things should work, I assume.

    Another option would be to run traefik for http only ... but then I lose much of the magic features it brings.

  • I ended up getting stuck in the same situation. Ended up just getting rid of HAProxy and letting Traefik handle all proxying requirements.

    If I tried to use both, HAProxy would not recognise anything in Traefik and report with a 503.

    IMO Traefik is easier to config and use.

