Netgate Discussion Forum
    HAProxy & ACME - Site not loading

    • CreationGuy

      I have ACME and HAProxy installed. I followed this video; my goal is to create a wildcard SSL cert for use with internal services (Portainer, PVE, Docker, etc.).

      Namecheap is the domain registrar and Cloudflare is the proxy, so I have an A record in CF pointing to my public IP, and CF proxies that. I created an API key for *.mydomain.com.

      ACME / Account Keys:
      Created one, Registered

      ACME / Certs
      Domain name is *.mydomain.com, using DNS-Cloudflare for the Method, entered in the info and got a cert

      HAProxy / Backend
      intranet.mydomain.com
      [Screenshot: HAProxy backend edit page]

      HAProxy / Frontend
      [Screenshot: HAProxy frontend edit page]
      I selected Proxmox address as the site is on a VM in Proxmox server (10.20.20.3) on the VLAN, that server (10.20.20.4) is Ubuntu Server with Portainer running a docker for an intranet dashboard. 9455 is the port that the docker container uses for the intranet. This particular docker container does not ship with HTTPS.

      [Screenshot: HAProxy frontend edit page, continued]
      I cut off the value for privacy

      Further down, under SSL Offloading, I selected the wildcard cert from ACME.

      Services / DNS / Resolver / General Settings
      [Screenshot: DNS Resolver general settings]

      The service is running, I cleared dns cache, etc, but the site times out.

      dig @10.10.10.1 intranet.mydomain.com
      ; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> @10.10.10.1 intranet.mydomain.com
      ; (1 server found)
      ;; global options: +cmd
      ;; Got answer:
      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49256
      ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
      
      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 1232
      ;; QUESTION SECTION:
      ;intranet.mydomain.com.		IN	A
      
      ;; ANSWER SECTION:
      intranet.mydomain.com.	3600	IN	A	10.20.20.1
      
      ;; Query time: 8 msec
      ;; SERVER: 10.10.10.1#53(10.10.10.1) (UDP)
      ;; WHEN: Thu Oct 27 04:25:21 UTC 2022
      ;; MSG SIZE  rcvd: 63
      

      What am I doing wrong?

      • CreationGuy

        Here are a few more settings:
        [Screenshot: System / Advanced / Admin Access]
        [Screenshot: Cloudflare SSL/TLS overview]

        • CreationGuy @CreationGuy

          @creationguy said in HAProxy & ACME - Site not loading:

          HAProxy / Frontend
          [Screenshot: HAProxy frontend edit page]
          I selected Proxmox address as the site is on a VM in Proxmox server (10.20.20.3) on the VLAN, that server (10.20.20.4) is Ubuntu Server with Portainer running a docker for an intranet dashboard. 9455 is the port that the docker container uses for the intranet. This particular docker container does not ship with HTTPS.

          An Update:
          The frontend configuration was the problem: the port needs to be 443. Also, just to note, on the backend, if the site does NOT have SSL, then you need to uncheck Encrypt(SSL) on the BACKEND.

          HAProxy / Backend
          intranet.mydomain.com
          [Screenshot: HAProxy backend edit page]

          Everything is now working. Unfortunately, if I go to https://crt.sh/ and check my domain, I have a BUNCH of SSL certs. Oh well.


          Question:
          How does this tool auto-update my public IP with Cloudflare so that my @ record is always up to date?

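For reference, the fix described in the update above (frontend on 443, no encryption toward a plain-HTTP backend) written out as raw HAProxy configuration. This is an added example, not the poster's generated config: the section names and file paths are placeholders, and the listen address 10.20.20.1 is assumed from the dig answer in the first post.

```haproxy
# Added example, not the poster's generated config. Section names and
# certificate paths are placeholders; 10.20.20.1 is assumed to be the listen
# address because it is what the dig answer in the thread returns.

frontend intranet_https
    # Clients open https://intranet.mydomain.com, so the frontend listens on
    # 443, not on the container's port. TLS ends here with the wildcard cert.
    bind 10.20.20.1:443 ssl crt /path/to/wildcard.mydomain.com.pem
    mode http

    # Route by Host header so other internal names can share this frontend.
    acl host_intranet hdr(host) -i intranet.mydomain.com
    use_backend intranet_http if host_intranet
    # No default_backend: a request for an unknown host gets a 503 from
    # HAProxy instead of reaching an internal service.

backend intranet_http
    mode http
    # The container speaks plain HTTP on 9455, so the server line carries no
    # "ssl" keyword. With "ssl" present, HAProxy starts a TLS handshake that
    # the container cannot answer and the request fails.
    # Note: this hop (HAProxy -> 10.20.20.4) is cleartext on the VLAN.
    server intranet 10.20.20.4:9455 check

    # Only for a backend that serves HTTPS itself (hypothetical line, with a
    # placeholder CA file), encrypt and verify the backend certificate:
    # server pve 10.20.20.3:8006 ssl verify required ca-file /path/to/ca.pem
```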
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.