Netgate Discussion Forum

Best practise for using HAProxy for internal servers?

pfSense Packages
  • shad0wca7
    last edited by May 20, 2020, 11:41 PM

    I'd like to have a bunch of my docker containers having nice easy-to-access URLs rather than port numbers etc. I have HAProxy working using https for some external servers but I'd like to use it for these internal servers.

    I tried a little experiment by writing the IP into the DNS Resolver and then resolving that IP to pfSense for HAProxy to pick up (on port 80 this time) but got into a lot of strange behaviour with the router suspecting DNS rebinding attacks and almost at one point making the web admin page unavailable / unresponsive (it somehow magically came back...). I'm quite sure I'm not doing that correctly, so how do I use HAProxy on pfSense to manage internal servers that I never want to be resolved from the WAN side?

    • costanzo
      last edited by Jun 17, 2020, 3:53 PM

      @shad0wca7 said in Best practise for using HAProxy for internal servers?:

      I'd like to have a bunch of my docker containers having nice easy-to-access URLs rather than port numbers etc. I have HAProxy working using https for some external servers but I'd like to use it for these internal servers.

      I have something similar set up. I use a virtual IP, 192.168.1.25, and have my HAProxy Frontend listening to this virtual IP.

      The HAProxy "backends" point to the internal server IPs; however, I use the Host override in the DNS to point to the same virtual IP used in the HAProxy Frontend.

      In your example, you would set up and point to all your docker servers in the backend, then create DNS host overrides to point each of the docker servers to the same virtual IP used by HAProxy.

      With this setup, people accessing the URL from inside the network reach the correct server. For example, printer.example.com would reach 192.168.1.25.

      Hope this helps.

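The setup described in the post above, written out as the equivalent HAProxy configuration (an added example, not taken from the thread or from what the pfSense GUI generates). The virtual IP 192.168.1.25 and printer.example.com come from the post; the frontend and backend names, the second hostname and the backend addresses are assumptions.

```haproxy
# Constructed example. internal_http, be_printer, be_docker_app,
# app.example.com and the 192.168.1.50 / 192.168.1.60 backend
# addresses are assumed values for illustration.
#
# Matching DNS Resolver host overrides, shown in Unbound syntax.
# Every internal name resolves to the HAProxy virtual IP, and the
# records exist only in the internal resolver:
#   local-data: "printer.example.com. A 192.168.1.25"
#   local-data: "app.example.com. A 192.168.1.25"

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend internal_http
    # Listen only on the internal virtual IP, not on the WAN address
    # and not on the address the pfSense web GUI answers on.
    bind 192.168.1.25:80

    # Select the backend from the Host header (-i: case-insensitive).
    acl host_printer hdr(host) -i printer.example.com
    acl host_app     hdr(host) -i app.example.com

    # Reject any hostname that is not explicitly published.
    http-request deny unless host_printer or host_app

    use_backend be_printer    if host_printer
    use_backend be_docker_app if host_app

backend be_printer
    server printer 192.168.1.50:80 check

backend be_docker_app
    server app 192.168.1.60:8080 check
```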
      • shad0wca7 @costanzo
        last edited by Jun 17, 2020, 4:27 PM

        @costanzo This is basically exactly what I ended up doing as well after thinking about it further (but forgot to post in here).

        Glad to see I'm not the only one coming to this conclusion of how to set it up. Seems reliable.

        • superloser
          last edited by May 5, 2022, 11:26 PM

          @costanzo

          Your solution is so simple and works perfectly. I basically already had this set up for my WAN interface. And just needed to do the same for my internal networks. You have no idea the countless hours I have spent attempting to get DNS and whatnot to work internally with my HAProxy. And the endless opinions and options everywhere.

          Seriously, thank you so so so much. 👏 😊 😊 😊
