    HAProxy: HTTP frontend works, HTTPS frontend doesn't

    HA/CARP/VIPs
    • RonRN18

      My primary reason to use HAProxy is to more easily and securely connect to sites on my internal network and offload SSL. I originally created two frontends, with one redirecting any HTTP traffic to HTTPS and the other to actually redirect ALL the websites. Nothing worked. I would generally get a 522 error. I had several sites that were NOT using HTTPS, so I disabled the HTTP redirect and created a new frontend to handle non-HTTPS sites. Lo and behold, this works! I have several different backends that are all functioning as I was expecting. Unfortunately, all of my HTTPS websites are now giving me 503 errors. I have verified that all of my certificates are valid, but it seems as though something with SSL offloading isn't functioning properly.

      I have followed numerous tutorials, many of which show different methods of doing essentially the same thing and I've tried them all. I've reduced my NAT and firewall rules to the bare-minimum for services to otherwise function properly on my network.

      If it makes any difference, when it comes to DNS control and certificates, they are managed by Cloudflare.

      • johnpoz (LAYER 8, Global Moderator), replying to @RonRN18

        @ronrn18 I have a domain with Cloudflare that points to my WAN IP. And I use HAProxy to do SSL offloading of this service because it's just a docker and HTTPS is not really supported.

        I am not having any issues with this. I use an ACME cert.

        I can bounce off the proxy both internally, and externally my users are able to access it. I even share the outside 443 port being used with OpenVPN and have no problems.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 23.01 | Lab VMs CE 2.6, 2.7
