HAproxy on pfsense, HAproxy in front of traefik

sgw · Jan 27, 2020, 5:13 PM

My goals:

pfsense with HAproxy between WAN and LAN/DMZ/VLANs.
that HAproxy does SSL-termination for some hosts behind
additionally there should be traefik on a docker server and that traefik should pull its own ACME certs from outside
all that behind a single WAN-IP

I already tried my luck with some CNAMEs in DNS and ACLs in the HAproxy-setup, no luck so far.

Does anyone have something like this up and running?

ps: additional issue: I let HAproxy pull the cert for pfsense itself via that luafile Method (https://forum.netgate.com/topic/90643/let-s-encypt-support/32). So there is an ACL already matching that "./well-known" path ... I put it last already without success. maybe that is part of my problems, I will try to disable that for debugging.

sophware · Mar 27, 2021, 2:43 AM

@sgw Did you ever figure out something close to this ideal?

sgw · Mar 27, 2021, 8:33 AM

@sophware Not really, as I didn't need that particular setup professionally. I am quite sure it's possible, but I didn't find howtos or so. I think my problem was the 2 certbots: first on pfsense, 2nd on traefik behind ... and the haproxy ACLs with the mentioned "well-known" strings.

joulester · May 10, 2021, 3:19 PM

@sgw Hello! i´m trying to do this but i don't need the cert because I use cloudflare. How did you begin to solve this?

sophware · May 10, 2021, 3:19 PM

@joulester The short version is it just worked. Especially if you don't need the certificate part, it just works. To give me an idea how to be more helpful than just saying it works, is there a step you have a question about?