Netgate Discussion Forum

    HAproxy Setup Help Needed

      PITS_King

      Okay, I'm fairly new to pfSense, and really, the professional extent of my networking experience comes from my home lab! That said, I'll get into what I hope to accomplish and hopefully you can guide me to getting there.

      Currently, I am running ESXi on a Dell PowerEdge R710. On that, I have several VMs running, with 1 being a Virtualmin web server, hosting 4 websites, on 3 different domains. I recently added a FreeNAS server to the network, on another VLAN. Right now, I can access the web server via standard NAT rules for ports 80 and 443. However, I am unable to set up standard rules for the FreeNAS/NextCloud machine.

      I've been reading over all I can find about how to configure HAproxy to do what I need, but I'm unable to have any good luck in my execution attempts. So, I'll lay it out.

      https://DomainA.tld > Web Server 10.0.1.4:443
      https://DomainA.tld/blog > Web Server 10.0.1.4:443
      https://DomainB.tld > Web Server 10.0.1.4:443
      https://DomainC.tld > Web Server 10.0.1.4:443

      http://nas.DomainD.tld > NAS Server 10.1.1.2:80 (Until routing is correct and SSL can be set up)
      https://nas.DomainD.tld > NAS Server 10.1.1.2:443
      https://nextcloud.DomainD.tld > NC Jail 10.1.1.3:443

      As stated, the websites already have established SSL certificates through LE, which is running on Virtualmin. I haven't fully configured the NC Jail, because it needs to be publicly accessible for SSL, which it isn't.

      So, any and all assistance in getting this all properly configured will be GREATLY appreciated! I need a complete walk-through.

        Derelict LAYER 8 Netgate

        Good place to start:

        https://www.youtube.com/watch?v=FJSHMyrd29E

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          PITS_King

          Hi Derelict,

          Thanks. I have a basic understanding of how HAProxy works, but after watching that, I'm even more confused about how I need to configure it.

          I suppose the most confusing part for me is how to set up SSL properly. My websites already have certificates issued on the server, and HTTPS redirects are enforced via the .htaccess files. I would like to keep all traffic encrypted, rather than use HTTP on the LAN side.

          Would I need to import those certificates to my pfSense box, then have pfSense/ACME get new certificates for HAProxy? Sorry, I'm just really stuck on all of this.

            Derelict LAYER 8 Netgate

            Yes. If you don't need what HAproxy provides (like multiple web sites on the same IP address that can't be handled using virtual hosts, etc, load balancing backends, SSL offloading) I would just port forward.

            But bouncing back and forth between the two on this thread isn't going to get you a solution.

              PITS_King @Derelict

              @Derelict, I didn't see it as bouncing back and forth at all. I clearly stated that I need assistance in setting it up, and even outlined what needs to be configured. I have a single outside IP address, and a total of 4 domain names. 3 domains are going to 3 virtual web servers, running 4 different WP installations, at one internal IP address. Another domain I would like to use to access a NAS machine which is on an entirely different LAN.

              I explained how my SSL is currently configured and that I would like to maintain encryption throughout the network on all machines. I don't understand how to do it.

              As of right now, I am using NAT to access the web servers. That's not an option for the last domain and the NAS, so I know I have to use HAProxy. Again, the question is, how do I do it?
              :-)

                Derelict LAYER 8 Netgate

                Mixing two tickets. Sorry.

                Well, you do it. Start small based on the information available, get one frontend and one backend working and go from there.

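Added example, not part of any post in this thread: one way to express the host-to-backend mapping from the first post as raw HAProxy configuration, using SNI-based TLS passthrough so the existing certificates stay on the backends and traffic remains encrypted on the LAN side. Hostnames and addresses are the ones listed in the first post; the frontend, backend and server names, the timeouts and the bind addresses are assumptions, and the pfSense HAProxy package would take the same settings through its GUI rather than a hand-written file.

```haproxy
# Added example. Section and server names, timeouts and binds are assumptions.
defaults
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# TLS passthrough: HAProxy never decrypts, so certificates stay on the backends.
frontend https_sni
    bind :443
    mode tcp
    # Wait for the TLS ClientHello so the SNI name is available to the ACLs.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    acl sni_web       req.ssl_sni -i domaina.tld domainb.tld domainc.tld
    acl sni_nas       req.ssl_sni -i nas.domaind.tld
    acl sni_nextcloud req.ssl_sni -i nextcloud.domaind.tld

    use_backend web_tls       if sni_web
    use_backend nas_tls       if sni_nas
    use_backend nextcloud_tls if sni_nextcloud
    # No default_backend: an unknown or missing SNI is not forwarded anywhere.

backend web_tls
    mode tcp
    server virtualmin 10.0.1.4:443 check

backend nas_tls
    mode tcp
    server freenas 10.1.1.2:443 check

backend nextcloud_tls
    mode tcp
    server nc_jail 10.1.1.3:443 check

# Plain HTTP, routed by Host header (covers http://nas.DomainD.tld).
frontend http_in
    bind :80
    mode http
    acl host_nas hdr(host) -i nas.domaind.tld
    use_backend nas_http if host_nas

backend nas_http
    mode http
    server freenas 10.1.1.2:80 check
```

In passthrough mode HAProxy sees only the SNI name, so it cannot route on a path such as /blog (which goes to the same web server here anyway) and cannot add client-address headers; the backends will log the firewall's address as the source.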
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.