HAproxy Setup Help Needed
-
Okay, I'm fairly new to pfSense, and really, the professional extent of my networking experience comes from my home lab! That said, I'll get into what I hope to accomplish and hopefully you can guide me to getting there.
Currently, I am running ESXi on a Dell PowerEdge R710. On that, I have several VMs running, with 1 being a Virtualmin web server, hosting 4 websites, on 3 different domains. I recently added a FreeNAS server to the network, on another VLAN. Right now, I can access the web server via standard NAT rules for ports 80 and 443. However, I am unable to setup standard rules for the FreeNAS/NextCloud machine.
I've been reading over all I can find about how to configure HAproxy to do what I need, but I'm unable to have any good luck in my execution attempts. So, I'll lay it out.
https://DomainA.tld > Web Server 10.0.1.4:443
https://DomainA.tld/blog > Web Server 10.0.1.4:443
https://DomainB.tld > Web Server 10.0.1.4:443
https://DomainC.tld > Web Server 10.0.1.4:443http://nas.DomainD.tld > NAS Server 10.1.1.2:80 (Until routing is correct and SSL can be setup)
https://nas.DomainD.tld > NAS Server 10.1.1.2:443
https://nextcloud.DomainD.tld > NC Jail 10.1.1.3:443As stated, the websites already have established SSL certificates through LE, which is running on Virtualmin. I haven't fully configured the NC Jail, because it needs to be publicly accessible for SSL, which it isn't.
So, any and all assistance in getting this all properly configured will be GREATLY appreciated! I need a complete walk-through.
-
-
Hi Derelict,
Thanks. I have a basic understanding oh how HAProxy works, but after watching that, I'm even more confused about how I need to configure it.
I suppose the most confusing part for me, is how to setup SSL properly. My websites already have certificates issued on the server, and HTTPS redirects are enforced via the .htaccess files. I would like to keep all traffic encrypted, rather than use HTTP on the LAN side.
Would I need to import those certificates to my pfSense box, then have pfSense/ACME get new certificates for HAProxy? Sorry, I"m just really stuck on all of this.
-
Yes. If you don't need what HAproxy provides (like multiple web sites on the same IP address that can't be handled using virtual hosts, etc, load balancing backends, SSL offloading) I would just port forward.
But bouncing back and forth between the two on this thread isn't going to get you a solution.
-
@Derelict, I didn't see it as bouncing back and forth at all. I clearly stated that I need assistance in setting it up, and even outlined what needs to be configured. I have a single outside IP address, and a total of 4 domain names. 3 domains are going to 3 virtual web servers, running 4 different WP installations, at one internal IP address. Another domain I would like to use to access a NAS machine which is on an entirely different LAN.
I explained how my SSL is currently configured and that I would like to maintain encryption throughout the network on all machines. I don't understand how to do it.
As of right now, I am using NAT to access the web servers. That's not an option for the last domain and the NAS, so I know I have to use HAProxy. Again, the question is, how do I do it?
:-)
-
Mixing two tickets. Sorry.
Well, you do it. Start small based on the information available, get one frontend and one backend working and go from there.
