Netgate Discussion Forum
HAproxy on pfsense, HAproxy in front of traefik

Cache/Proxy
  • sgw
    last edited by sgw Jan 27, 2020, 5:13 PM Jan 27, 2020, 4:26 PM

    My goals:

    • pfsense with HAproxy between WAN and LAN/DMZ/VLANs.
    • that HAproxy does SSL-termination for some hosts behind
    • additionally there should be traefik on a docker server and that traefik should pull its own ACME certs from outside
    • all that behind a single WAN-IP

    I already tried my luck with some CNAMEs in DNS and ACLs in the HAproxy-setup, no luck so far.

    Does anyone have something like this up and running?

    PS: additional issue: I let HAproxy pull the cert for pfsense itself via that luafile method (https://forum.netgate.com/topic/90643/let-s-encypt-support/32). So there is an ACL already matching that "./well-known" path ... I put it last already without success. Maybe that is part of my problems; I will try to disable that for debugging.

    • sophware @sgw
      last edited by Mar 27, 2021, 2:43 AM

      @sgw Did you ever figure out something close to this ideal?

      • sgw @sophware
        last edited by Mar 27, 2021, 8:33 AM

        @sophware Not really, as I didn't need that particular setup professionally. I am quite sure it's possible, but I didn't find howtos or so. I think my problem was the 2 certbots: first on pfsense, 2nd on traefik behind ... and the haproxy ACLs with the mentioned "well-known" strings.

        • joulester @sgw
          last edited by May 10, 2021, 11:24 AM

          @sgw Hello! I'm trying to do this but I don't need the cert because I use Cloudflare. How did you begin to solve this?

          • sophware @joulester
            last edited by May 10, 2021, 3:19 PM

            @joulester The short version is it just worked. Especially if you don't need the certificate part, it just works. To give me an idea how to be more helpful than just saying it works, is there a step you have a question about?

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.