Netgate Discussion Forum

HAProxy 502 bad gateway with Cloudflare Proxy

  • ?
    A Former User @jycai
    last edited by Mar 28, 2022, 7:37 AM

    @jycai I have installed a MikroTik CRS305 as a switch in my network, and at least the odd KDE Connect behaviour is fixed.

    But the Cloudflare issue still remains.

    • ?
      A Former User @A Former User
      last edited by Mar 31, 2022, 7:51 PM

      I have now tried to set up everything with a Squid reverse proxy instead of HAProxy, but the issue with the Cloudflare proxy still remains. So it should not be a problem with HAProxy itself.

      • ?
        A Former User @A Former User
        last edited by Mar 31, 2022, 8:25 PM

        It seems like I have found the answer!

        Cloudflare DNS Proxy only works with HTTP/HTTPS traffic on the free tier. If non-HTTP/HTTPS traffic is used, for example when using a Minecraft server, the DNS Proxy does not work.

        This is where I got the information from:

        https://community.cloudflare.com/t/cloudflare-minecraft-proxy/167417

        • J
          jycai @A Former User
          last edited by Mar 31, 2022, 10:46 PM

          @klaussemmler Some people mention pfBlockerNG is blocking traffic from Cloudflare-proxied servers, but my website still does not work after I completely removed pfBlockerNG and rebooted pfSense.

          • ?
            A Former User @jycai
            last edited by A Former User Mar 31, 2022, 11:08 PM Mar 31, 2022, 11:07 PM

            @jycai Have you whitelisted the Cloudflare IPs in your pfSense? You can actually automate this with pfBlockerNG.

            The IPv4 IPs can be found here: https://www.cloudflare.com/ips-v4
            The IPv6 IPs can be found here: https://www.cloudflare.com/ips-v6

            My pfBlockerNG config for IPv4 looks like this (the alias at Custom DST Port contains ports 80 and 443):


            • J
              jycai @A Former User
              last edited by jycai Apr 1, 2022, 3:09 AM Apr 1, 2022, 3:06 AM

              @klaussemmler Thank you. I added the Cloudflare IPs whitelist in pfBlockerNG as you suggested; however, the Cloudflare proxy is still not working with HAProxy SSL offload on my Nextcloud website. I don't get the 502 error, but half of the page info is missing. It works when the Cloudflare proxy is off.

              I am running version 2.6 and will try 2.52 and 2.4 later on to see if it makes a difference.

              • ?
                A Former User @jycai
                last edited by Apr 1, 2022, 7:09 AM

                @jycai Okay, interesting. Another thing that could cause problems with Cloudflare is the encryption mode in the SSL/TLS menu. Try the modes Flexible, Full and Full (strict) and see if this fixes your problem.


                • J
                  jycai @A Former User
                  last edited by jycai Apr 2, 2022, 1:01 PM Apr 2, 2022, 12:57 PM

                  @klaussemmler
                  Flexible mode - no connection at all
                  Full - loads half the page
                  Full (strict) - Error 526
                  V2.6, V2.52 and V2.4 with ACME or Cloudflare origin server certificate - all the same result. 😧

                  • ?
                    A Former User @jycai
                    last edited by Apr 2, 2022, 3:51 PM

                    @jycai I am kinda out of ideas. But you can try to toggle the options in SSL/TLS -> Edge Certificates.

                    And are you sure you use the correct certificates for all servers?

                    • F
                      firewallwiki @jycai
                      last edited by Oct 1, 2022, 8:47 PM

                      @jycai With free CF, choose Flexible mode.
                      Check your pfSense firewall.
                      Sometimes the problem is at the frontend and backend. I removed and recreated them. It works.
