Netgate Discussion Forum
    pfsense haproxy LAN side issues

    caymann (last edited by caymann):

      I am using pfSense with HAProxy to set up a WAN side and a LAN side.

      I have a few external-facing websites that I want to serve through the WAN side.
      But I also have a few internal-only websites (like Bitwarden, NAS/OpenMediaVault running Docker, Portainer, etc.). I do not want them facing the WAN. I would VPN in to access these internal sites.

      These websites run in individual Docker containers.
      So a host with IP 192.168.1.1 can have multiple websites hosted on different Docker ports.
      The Docker containers' internal ports are mapped to outside ports that don't conflict.
      So an internal port 443 would be mapped to 4431 for website 1, 4432 for website 2, etc.
      Similarly, an internal port 80 would be mapped to 8001 for website 5, 8002 for website 6, etc.

      I use Cloudflare as my DNS provider, and all SSL certificates are from Let's Encrypt.
      I don't use any private certificates.

      OpenVPN works fine, and once I VPN in, I am able to access the internal websites with no issues,
      no matter whether they are on the HAProxy WAN side or LAN side.

      But I am having no luck getting this to work from the LAN side when I am "inside the LAN".
      It says:

      This page is not working.
      bitwarden.mydomain.com didn't send any data
      ERR_EMPTY_RESPONSE

      As a test setup, I got everything working on the WAN side.
      Then I deleted the sites from the WAN frontend and added them to the LAN frontend.
      I have the same backend.

      As another test, I also tried VPNing into pfSense and everything works fine.
      I can access all websites on LAN only.

      The DNS resolver has the following settings:
      SSL/TLS certificate: pfSense certificate from Let's Encrypt
      Network Interfaces=All
      Outgoing Network Interfaces=All
      DNSSEC= yes
      DHCP registration = yes
      Static DHCP = Yes
      OpenVPN clients=Yes

      Host overrides:
      I cannot use host overrides as I have multiple Docker containers on the same host.

      HAProxy frontend:
      Name=Https_LAN
      External Address: LAN address ....443....SSL offloading (checked)
      Access Control lists: bitwarden Host matches no no bitwarden.mydomain.org
      Actions: Use backend ...conditional acl name (bitwarden)....backend:bitwarden

      default backend=none
      Use forwardfor option=yes
      http-keep-alive
      Certificate = wildcard let's encrypt certificate for mydomain.org
      Add ACL for certificate subject alternatives names= yes
      Additional certificate=bitwarden let's encrypt for mydomain.org
      Add ACL=yes

      Backend:
      Name=bitwarden
      Address+port=192.168.1.100:8343
      Encrypt=yes (I have also tried no)
      CA: Acmecert Let's Encrypt
      Client cert=bitwarden Let's Encrypt

      I keep thinking this may be the firewall.
      Here are the LAN rules on the firewall:

      1. Antilockout rule
      2. Interface=LAN
        IPv4
        Protocol=Any
        Source=LAN net
        Destination=any

      viragomann (replying to @caymann):


        @caymann said in pfsense haproxy LAN side issues:

        Host Overrides:
        I cannot use host overrides as i have multiple docker containers on the same host.

        HAProxy is your frontend server, so point the host overrides to the LAN IP of pfSense, not to the backend.

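The check a practitioner would run from a LAN client to confirm the reply's advice, as an added example that is not part of the thread and not code from either poster: it classifies what a name resolves to (pfSense LAN IP, the Docker host, a public Cloudflare answer, or nothing), prints the Unbound local-data lines that host overrides pointing every internal name at pfSense amount to, and, when given arguments, runs live checks with dig, openssl and curl so the SNI certificate selection and the HAProxy path can be tested independently of DNS. The pfSense LAN IP 192.168.1.254, the backend host 192.168.1.100 and the hostnames under mydomain.org are assumptions for illustration, not values from the post.

```shell
#!/bin/sh
# Added example, not from the forum thread. Assumed values (not in the original
# post): pfSense LAN IP 192.168.1.254, Docker/backend host 192.168.1.100,
# internal names under mydomain.org.

# Given the address a LAN client resolved for a name, the pfSense LAN IP and the
# backend host IP, say where an HTTPS request for that name would actually go.
# "proxy" is the only answer that lets the LAN-side HAProxy frontend see the SNI.
classify_resolution() {
    resolved=$1; proxy_ip=$2; backend_ip=$3
    if [ -z "$resolved" ]; then
        echo "nxdomain"     # no answer at all: no override and no public record
    elif [ "$resolved" = "$proxy_ip" ]; then
        echo "proxy"        # override points at pfSense LAN: HAProxy routes by Host/SNI
    elif [ "$resolved" = "$backend_ip" ]; then
        echo "backend"      # points at the Docker host directly: skips HAProxy, and the
                            # sites live on 4431/4432/..., not on 443 there
    else
        echo "public"       # Cloudflare answer (public WAN IP): leaves via the WAN
    fi
}

# Emit Unbound local-data lines mapping each internal name to the pfSense LAN IP.
# This is the form Unbound understands for a static A answer, which is what a
# host override in the pfSense DNS Resolver becomes.
unbound_overrides() {
    proxy_ip=$1; shift
    for n in "$@"; do
        printf 'local-data: "%s. IN A %s"\n' "$n" "$proxy_ip"
    done
}

# Live checks (need dig, openssl, curl); only run when invoked with arguments:
#   sh haproxy_lan_check.sh bitwarden.mydomain.org 192.168.1.254 192.168.1.100
live_check() {
    name=$1; proxy_ip=$2; backend_ip=$3
    # tail -n1 skips a CNAME line if the public record is Cloudflare-proxied
    resolved=$(dig +short "$name" A | tail -n1)
    echo "$name resolves to '${resolved:-<none>}': $(classify_resolution "$resolved" "$proxy_ip" "$backend_ip")"

    # Which certificate does HAProxy present for this SNI? The SAN list should
    # contain the name; if the wildcard/additional cert ACLs are wrong it won't.
    printf '' | openssl s_client -connect "$proxy_ip:443" -servername "$name" 2>/dev/null \
        | openssl x509 -noout -ext subjectAltName

    # Force the connection to pfSense regardless of DNS. If this returns the
    # site, the frontend/backend path works and only name resolution is wrong.
    curl -sS -o /dev/null -w 'HTTP %{http_code} via %{remote_ip}\n' \
        --resolve "$name:443:$proxy_ip" "https://$name/"
}

if [ "$#" -ge 3 ]; then
    live_check "$1" "$2" "$3"
fi
```

ERR_EMPTY_RESPONSE in the browser is consistent with the "public" or "backend" classifications: in the first the request goes out the WAN and comes back (or not) via the WAN frontend that no longer has the site; in the second it hits port 443 on the Docker host, where nothing is listening for that name. The `--resolve` step is the quickest way to separate the two problems, because it exercises the LAN frontend without touching DNS at all.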
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.