Using SSL offloading to access Services
-
Re: [HAProxy](Letsencrypt and synology)
@Renat and @johnpoz
I saw a very old thread that you guys were part of, and was hoping to get some input. I basically want to accomplish something, but I would like to do it the “correct way”.
Currently, I have a pfSense router using ACME and Let’s Encrypt, and then use HAProxy for SSL offloading.
I access my Synology externally
I access WebDAV externally
And a couple of other services
I also access (and allow friends and family to access) an Emby server that is located on the NAS
Each of these is on a different subdomain of a domain that I will permanently own for my wife’s business.
It appears that ACME is doing the job of renewing the certificates that are only good for 90 days on the pfSense router, and thus the HAProxy setup.
Within Emby I had originally pointed to a PKCS#12 version of the certificate created by ACME within pfSense. (That did take an extra step, and sometimes left me a few days where friends or family would complain that the server was not accessible.)
I just found out that Emby has a setting that tells the server to let the “reverse proxy handle the SSL”.
My question is, does the Synology NAS actually require me to keep an up-to-date (or any at all, for that matter) version of the certificate on the NAS itself if HAProxy is handling the SSL offloading? If it does not, then I can quit worrying about having to transfer the certificates from pfSense to Synology. Is there some sort of setting in the Synology NAS where I need to tell Synology to let SSL be handled by the reverse proxy?
-
@ahole4sure no, it is not required if you're using the SSL Offloading option on the HAProxy frontend. In this case it is better to use HTTP for the backend (or issue some internal SSL cert on pfSense for your Synology).
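
The two backend choices from the answer above, written out as raw HAProxy configuration. This is an added example, not part of the thread and not the configuration the pfSense package generates. Hostnames, addresses and file paths are constructed placeholders, and ports 5000/5001 (DSM) and 8096 (Emby) are assumed to be the unchanged defaults.

```haproxy
# Constructed example: all names, addresses and paths are placeholders.

frontend https_in
    mode http
    # TLS ends here. The ACME-renewed certificate is needed only on the
    # proxy, so nothing has to be copied to the NAS or to Emby on renewal.
    bind :443 ssl crt /path/to/acme-fullchain-and-key.pem
    # Tell the backends the client connection was HTTPS and pass the client IP.
    http-request set-header X-Forwarded-Proto https
    option forwardfor
    # One ACL per subdomain; a request for any other Host gets a 503.
    acl host_nas  hdr(host) -i nas.example.com
    acl host_emby hdr(host) -i emby.example.com
    use_backend nas_plain  if host_nas
    use_backend emby_plain if host_emby

# Option 1 from the answer: plain HTTP to the backend.
# No certificate on the NAS at all; traffic between the proxy and the
# NAS crosses the LAN unencrypted.
backend nas_plain
    mode http
    server dsm 192.0.2.10:5000 check

backend emby_plain
    mode http
    server emby 192.0.2.10:8096 check

# Option 2 from the answer: re-encrypt to the NAS using a certificate
# issued by an internal CA (for example one created on pfSense).
# The internal certificate can be long-lived, so it is independent of the
# 90-day Let's Encrypt cycle. "verify required" with the internal CA file
# makes the proxy reject a backend that presents any other certificate.
# To use it, point use_backend for host_nas at nas_tls instead of nas_plain.
backend nas_tls
    mode http
    server dsm 192.0.2.10:5001 ssl verify required ca-file /path/to/internal-ca.pem verifyhost nas.lan.example check
```

With either option, the DSM and Emby HTTP ports should be reachable only from the proxy and the LAN, not forwarded from the WAN, since external clients are meant to arrive through the TLS frontend.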