Netgate Discussion Forum

HAProxy: HTTP frontend works, HTTPS frontend doesn't

  • R
    RonRN18
    last edited by Oct 18, 2021, 8:14 PM

    My primary reason to use HAProxy is to more easily and securely connect to sites on my internal network and offload SSL. I originally created two frontends with one redirecting any HTTP traffic to HTTPS and the other to actually redirect ALL the websites. Nothing worked. I would generally get a 522 error. I had several sites that were NOT using HTTPS, so I disabled the HTTP redirect and created a new frontend to handle non-HTTPS sites. Lo and behold, this works! I have several different backends that are all functioning as I was expecting. Unfortunately, all of my HTTPS websites are now giving me 503 errors. I have verified that all of my certificates are valid but it seems as though something with SSL offloading isn't functioning properly.

    I have followed numerous tutorials, many of which show different methods of doing essentially the same thing, and I've tried them all. I've reduced my NAT and firewall rules to the bare minimum for services to otherwise function properly on my network.

    If it makes any difference, when it comes to DNS control and certificates, they are managed by Cloudflare.

    • J
      johnpoz LAYER 8 Global Moderator @RonRN18
      last edited by Oct 18, 2021, 8:17 PM

      @ronrn18 I have a domain with Cloudflare that points to my WAN IP. And I use HAProxy to do SSL offloading of this service because it's just a docker and HTTPS is not really supported.

      I am not having any issues with this. I use an ACME cert.

      I can bounce off the proxy both internally, and externally my users are able to access it. I even share the outside 443 port being used with OpenVPN and have no problems.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11
