Netgate Discussion Forum

    pfSense + Haproxy - internal LAN redirect backend with acme valid certification

      liboriolibs

      Hello there,

      Can anyone help with a post or a link on how to do LAN redirection from frontend to backend server with a valid web certificate created by ACME Let's Encrypt?

      I only want HAProxy on the LAN interface, and to obtain from this service a valid certificate created with the ACME service on pfSense, when redirecting from frontend to backend on the local LAN.

      I configured the system like this:

      1 - acme
      1.1 - create a key
      1.2 - create a certificate - backend-1

      2 - Haproxy
      2.1 - create backend
      2.1.1 - name - backend-1
      2.1.2 - server list
          name server 1
          forwardto - address+port
          address - 192.168.10.10
          port - 4484
          encrypt ssl - no
          ssl checks - no
      2.1.3 - transparent clientip
          check
          select LAN interface
      2.2 - create frontend
      2.2.1 - name - frontend-1
      2.2.2 - external address
          listen address - lan
          port : 10443
          ssl offloading - check
          type - http / https (offloading)
      2.2.3 - access control list
          name - acl1
          expression - host starts with
          value - 192.168.10.10
          action
              action - use backend
              parameters - see below
              condition acl name - ACL1
              backend - backend-1
      2.2.4 advanced settings
          use forwardfor - check
      2.2.5 ssl offloading
          certificate - backend-1
      2.5. settings
      2.5.1 - enable haproxy
      2.5.2 - maximum connection - 10
      2.5.3 - stats tab
          internal stats port - 2200
          internal stats refresh - 10
          sticktable page refresh - 10
      2.5.4 - tuning
          max ssl - 2048

      3 - DNS Resolver
      3.1 - host overrides
          host - backend-1
          parent domain - office
          ip to return for host - 192.168.10.10
          description - webserveroffice

      Then I use this in the web browser:
      https://backend-1

      and it returns the web server page without a valid certificate; the certificate is the self-signed one from this backend server.

      Please, anyone?

      Thanks

        coatmaker618

        @liboriolibs said in pfSense + Haproxy - internal LAN redirect backend with acme valid certification:

        ssl offloading - check
        type - http / https (offloading)

        Try changing this to HTTP & disabling offloading. SSL Offloading seems to indicate that you want pfSense to get HTTPS and send out HTTP (implying it has the certs). I was trying to do the same thing (see link below). While I had a different problem, I think it's the same solution.

        https://forum.netgate.com/topic/153028/haproxy-deleting-acl-on-modify-bug-or-am-i-missing-something/3

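A way to trace the setup described in the thread, as an added example that is not part of either post and is not pfSense or HAProxy code: it models the posted host override, frontend port and acl1 value, and reports which listener a browser URL reaches and whether the ACL would match the Host header. The firewall LAN address 192.168.10.1, the "office" search suffix and the function names are assumptions, and "host starts with" is simplified to a case-insensitive prefix match.

```python
from urllib.parse import urlsplit

# Values taken from the thread.
HOST_OVERRIDES = {"backend-1.office": "192.168.10.10"}  # DNS Resolver host override
BACKEND_IP = "192.168.10.10"       # backend-1 server address
FRONTEND_PORT = 10443              # frontend-1 listen port on LAN
ACL_HOST_PREFIX = "192.168.10.10"  # acl1: "host starts with" value

# Assumptions, not from the thread.
ASSUMED_PFSENSE_LAN_IP = "192.168.10.1"  # placeholder for the firewall's LAN address
ASSUMED_SEARCH_DOMAIN = "office"         # client DNS search suffix


def resolve(name, overrides):
    """Look a name up in the host overrides, retrying with the search suffix."""
    name = name.lower().rstrip(".")
    for candidate in (name, f"{name}.{ASSUMED_SEARCH_DOMAIN}"):
        if candidate in overrides:
            return overrides[candidate]
    return None


def trace(url, overrides=HOST_OVERRIDES):
    """Return where a browser URL connects and whether acl1 would match it."""
    parts = urlsplit(url)
    default_port = {"https": 443, "http": 80}[parts.scheme]
    port = parts.port or default_port
    ip = resolve(parts.hostname, overrides)
    # Browsers append the port to the Host header only when it is non-default.
    host = parts.hostname if port == default_port else f"{parts.hostname}:{port}"
    answered_by = "unknown"
    if ip == ASSUMED_PFSENSE_LAN_IP and port == FRONTEND_PORT:
        answered_by = "haproxy frontend-1"
    elif ip == BACKEND_IP:
        answered_by = "backend host directly"
    return {
        "connects_to": (ip, port),
        "answered_by": answered_by,
        "host_header": host,
        # Simplified "host starts with": case-insensitive prefix match.
        "acl1_matches": host.lower().startswith(ACL_HOST_PREFIX.lower()),
    }


if __name__ == "__main__":
    print(trace("https://backend-1"))  # URL and override as posted
    # Constructed contrast: name points at the firewall, URL carries the frontend port.
    print(trace("https://backend-1.office:10443",
                {"backend-1.office": ASSUMED_PFSENSE_LAN_IP}))
```

The certificate a browser sees belongs to whichever listener `connects_to` points at, so comparing the two traces shows whether a request ever reaches the frontend that holds the ACME certificate.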