Netgate Discussion Forum

    some clarification about ports (general understanding)

      pooperman

      Hi Folks,

      I have an OpenVPN server running on pfSense.
      It listens on port 443. I use it on my phone to connect to my home network. To avoid getting blocked on public hotspots, company and so on, I have chosen TCP port 443.

      Now I want to set up HAProxy and host my own webpage, also on port 443 and 80.
      I think that might clash. Can I tell my firewall somehow to sort this? If the telegram is for OpenVPN or for the webserver?

        johnpoz LAYER 8 Global Moderator

        Here is how I do this..

        In your openvpn setup that listens on 443, in the advanced section, custom options for that openvpn instance.
        port-share 127.0.0.1 9443

        Now when traffic hits your openvpn, and it's not openvpn traffic, it sends it to port 9443, which is the port HAProxy is listening on.. It can then send this traffic to where you want.

        I have this set up so access to ombi (requests for plex) works on 443..

        Your port 80 would be its own setup in HAProxy, because 80 is not going to be going to openvpn.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

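A sketch of the decision port-share makes on each new TCP connection to 443, added here as an example; it is not part of the posts above and is not OpenVPN's own code. It only recognises the initial client hard-reset packet without tls-crypt-v2, and the upper length bound and all sample bytes are assumptions constructed for the illustration.

```python
import struct

P_OPCODE_SHIFT = 3                    # opcode sits in the top 5 bits, key id in the low 3
HARD_RESET_CLIENT = {1, 7}            # P_CONTROL_HARD_RESET_CLIENT_V1 and _V2
MIN_RESET_LEN = 14                    # opcode(1) + session id(8) + ack count(1) + packet id(4)
MAX_RESET_LEN = 255                   # assumed upper bound for this sketch
SHARE_TARGET = ("127.0.0.1", 9443)    # from "port-share 127.0.0.1 9443" in the post

# Constructed sample stream openings (not captured traffic).
OVPN_RESET = struct.pack(">H", 14) + bytes([7 << P_OPCODE_SHIFT]) + bytes(8) + b"\x00" + bytes(4)
TLS_HELLO = bytes.fromhex("1603010200010001fc0303")   # TLS record header + ClientHello start
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"


def classify(stream_start: bytes) -> str:
    """Classify the first bytes a client sent on the shared port."""
    if len(stream_start) < 3:
        return "need-more-data"       # cannot decide before length prefix + opcode arrive
    # OpenVPN over TCP prefixes every packet with a 16-bit big-endian length.
    (plen,) = struct.unpack(">H", stream_start[:2])
    opcode = stream_start[2] >> P_OPCODE_SHIFT
    key_id = stream_start[2] & 0x07
    # A new session starts with a client hard reset using key id 0.
    if opcode in HARD_RESET_CLIENT and key_id == 0 and MIN_RESET_LEN <= plen <= MAX_RESET_LEN:
        return "openvpn"
    return "other"                    # e.g. TLS (0x16 0x03 ...) or plain HTTP


def route(stream_start: bytes):
    """Return where the connection goes: the VPN itself or the shared backend."""
    verdict = classify(stream_start)
    if verdict == "openvpn":
        return "openvpn-server"
    if verdict == "other":
        return SHARE_TARGET           # handed to HAProxy on 127.0.0.1:9443
    return None                       # keep reading


if __name__ == "__main__":
    for name, data in [("openvpn reset", OVPN_RESET), ("tls hello", TLS_HELLO), ("http get", HTTP_GET)]:
        print(f"{name:14} -> {route(data)}")
```

Because OpenVPN relays the non-VPN connections itself, HAProxy sees them arriving from 127.0.0.1, so its logs and any source-IP rules no longer reflect the real client address.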
          pooperman

          That works perfect!

          Many thanks

          Since you are already in this, may I raise a few more questions.

          1.) In HAProxy I am using SSL offloading. That means the server does not have a certificate. For HAProxy and the outside world, I would like to use a certificate.
          DuckDNS offers you the option to get a dyndns. The ACME package can claim a certificate from Let's Encrypt. Is the TXT record added to DuckDNS via the token?

          2.) Let's say I claim the certificate "domain.duckdns.org".
          Via HAProxy I want to reverse proxy "subdomain.domain.duckdns.org". Is that certificate from Let's Encrypt added into the frontend valid for the backend, or do I need to get a certificate with the same name as the backend?

          3.) I managed somehow to get WordPress working via https, but it looks ugly, the page looks broken. If I go to the page via the IP over LAN it looks as it should. If I check with my phone from the cellphone network, it looks broken. Any idea?

            johnpoz LAYER 8 Global Moderator

            Your front end ssl cert does not have to match the backend cert. Where you get the certs is up to you.. If duckdns will create a dns entry for you to grab a cert via acme, that works.

            You can also use wildcard certs so *.whatever.tld works..

            If page looks broken - normally this points to css not loading.. Have to look to how the site tells the browser to load the css file.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.