Trouble with HA Proxy
In the past 6 months I purchased an SG-5100 that I’m trying to learn how to configure and use as a network admin novice. Presently, my issue is configuring HA Proxy as both a forward/reverse proxy in conjunction with ACME for added security. I have followed many tutorials offered on YouTube to include those produced by Lawrence Systems, SystemaD, Raid Owl, Sheridan Computers, and Gateway IT Tutorials. I’m not sure why, but none work. Oddly, I’ve been able to successfully create an ACME cert and configured the SG-5100 for internal network access and management using the Lawrence Systems tutorial.
Here is what I’ve done so far to configure an internal SSL encryption connection with my Proxmox server which resides on a vlan:
- Created a Cloudflare API Token with Zone.Zone Settings Read, Zone.Zone Read and Zone.DNS Edit permissions for All Zones from my Cloudflare account.
- Set up DDNS services on the SG-5100 using Cloudflare.
- Set the SSL/TLS encryption mode for my domain within Cloudflare to Flexible.
- Created a host CNAME entry within the Cloudflare DNS Management for my domain.
- Created a wildcard ACME cert and issued it with Cloudflare.
- Created a virtual IP for HA Proxy within the LAN.
- Created two Port Forward NAT rules for ports 80 and 443 to be used for future external connectivity of privately hosted services, i.e. Minecraft, NextCloud, etc. These are disabled at the moment.
- Created two pass rules on the WAN interface for ports 80 and 443 with the destination as This Firewall.
- Created an internal DNS Resolver entry to resolve the host internally, pointing to the HA Proxy virtual IP.
- Configured the HA Proxy settings and enabled it.
- Created an HA Proxy backend for the host on port 8006 (Encrypt SSL checkbox unchecked).
- Created two HA Proxy frontends. The first redirects HTTP requests through the HA Proxy virtual IP that listens on port 80, and the second connects to the host with SSL encryption using the wildcard cert.
All of this done, I should be able to access the host using https://host.my-domain.com with SSL encryption, but I get a 502: Bad Gateway Error. Looking at the pfSense System Logs, I see that the WAN interface port 80 HA Proxy rule allowed traffic, then a Default deny rule IPv4 blocked traffic but I’m not sure if it was related to my request. The HA Proxy logs say a connection was established between the client and the host at the same time the firewall logs say it allowed traffic. Other than that, I’m at a loss and would greatly appreciate any help the community could offer.
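The setup the steps above describe, written out as a plain haproxy.cfg so the pieces can be checked one by one (an added example, not the poster's configuration or the config the pfSense haproxy package generates; the virtual IP, backend address, hostname and file paths are placeholders I assumed):

```haproxy
# Added example: hand-written equivalent of the GUI steps in the post.
# Addresses, hostname and paths are placeholders, not values from the post.
global
    log /dev/log local0

defaults
    log     global
    mode    http
    option  httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Frontend 1: plain HTTP on the HAProxy virtual IP, only redirects to HTTPS.
frontend http_redirect
    bind 192.0.2.10:80           # HAProxy virtual IP (placeholder)
    http-request redirect scheme https code 301

# Frontend 2: HTTPS on the same virtual IP, terminating TLS with the wildcard
# ACME certificate (PEM with key and chain concatenated; path is a placeholder).
frontend https_in
    bind 192.0.2.10:443 ssl crt /var/etc/haproxy/wildcard.pem alpn h2,http/1.1
    http-request set-header X-Forwarded-Proto https
    # Route only the expected hostname; anything else gets a 404 instead of
    # falling through to the Proxmox backend.
    acl host_pve hdr(host) -i host.my-domain.com
    use_backend pve if host_pve
    default_backend no_match

backend pve
    # Proxmox's pveproxy on 8006 only speaks TLS, so HAProxy must talk TLS to
    # it as well (the "Encrypt(SSL)" option on a pfSense backend). Sending plain
    # HTTP to a TLS-only port is a common cause of a 502 Bad Gateway.
    # The CA file is Proxmox's own /etc/pve/pve-root-ca.pem copied to the
    # firewall (path is a placeholder); "verify required" stops HAProxy from
    # accepting any certificate the backend happens to present.
    server pve1 10.10.10.5:8006 ssl verify required ca-file /var/etc/haproxy/pve-root-ca.pem check

backend no_match
    http-request deny deny_status 404
```

With `check` on the server line, `haproxy -c -f haproxy.cfg` validates the syntax and the stats page or `show servers state` on the admin socket shows whether the backend health check actually passes, which separates a TLS mismatch on 8006 from a firewall problem between the VLANs.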