pfSense + Haproxy - internal LAN redirect backend with acme valid certification
-
Hello there,
Can anyone help with a post or a link on how to do LAN redirection from frontend to backend server with a valid web certificate created by ACME Let's Encrypt?
I only want HAProxy on the LAN interface, and to obtain from this service a valid certificate created with the ACME service on pfSense, when redirecting from frontend to backend on the local LAN.
I configured the system like this:
1 - acme
1.1 - create a key
1.2 - create a certificate - backend-1
2 - Haproxy
2.1 - create backend
2.1.1 - name - backend-1
2.1.2 - server list
name server 1
forwardto - address+port
address - 192.168.10.10
port - 4484
encrypt ssl - no
ssl checks - no
2.1.3 - transparent clientip
check
select LAN interface
2.2 - create frontend
2.2.1 - name - frontend-1
2.2.2 - external address
listen address - lan
port : 10443
ssl offloading - check
type - http / https (offloading)
2.2.3 - access control list
name - acl1
expression - host starts with
value - 192.168.10.10
action
action - use backend
parameters - see below
condition acl name - ACL1
backend - backend-1
2.2.4 advanced settings
use forwardfor - check
2.2.5 ssl offloading
certificate - backend-1
2.5. settings
2.5.1 - enable haproxy
2.5.2 - maximum connection - 10
2.5.3 - stats tab
internal stats port - 2200
internal stats refresh - 10
sticktable page refresh - 10
2.5.4 - tuning
max ssl - 2048
3 - DNS Resolver
3.1 - host overrides
host - backend-1
parent domain - office
ip to return for host - 192.168.10.10
description - webserveroffice
Then I use this in the web browser:
https://backend-1
and it returns the webserver page without a valid certificate; the certificate is self-signed, from this backend server.
Please, anyone?
Thanks
-
@liboriolibs said in pfSense + Haproxy - internal LAN redirect backend with acme valid certification:
screenshots from frontend and backend please
also screenshots from your acl (host match)
and screenshot from dns resolver
br NP