Assistance with setting up HAproxy
-
Hi guys, I need help setting up my HAProxy on pfSense. When I plug my switch into my D-Link router everything works fine and I can access my sites externally with the FQDN set up in Cloudflare, but the moment I plug my fibre into the WAN port on the pfSense box I can't access anything via FQDN. I have signed my pfSense with a cert created in ACME so it is secure, but when I set up other certs, go to HAProxy, set everything up there and try to access, nothing works. I followed this guide https://docs.kois.cc/networking/pfsense/ which is supposed to work after all steps are completed. I also watched multiple videos including https://www.youtube.com/watch?v=cB6oKJjr4Ls&t=255s&ab_channel=RaidOwl and still can't figure out what I'm missing. Any help would be appreciated. I am using a Dell R720 with ESXi 7; installed on top of that is TrueNAS 22.12 and then a few Kubernetes pods, such as Traefik, Authelia, Jellyfin, Sonarr, Radarr, Prowlarr, Bazarr, Homarr, LLDAP and a few more.
-
Sorry, maybe I explained incorrectly. So from the fibre ONT WAN port on the firewall Netgate SG-2100, then LAN 01 to the switch, internet still works fine, I can access everything as per normal but not via FQDN and only internally, can't break out to the internet, which leads me to believe the firewall is blocking it, that it can't get out and no traffic can get to it. So if I try, for example, on Cloudflare to configure abc.com and I create a cert for it in pfSense, then go to HAProxy and set it up there and check the status of abc.com, it's red even though all steps were followed. But if I remove both LAN and WAN cables from the Netgate and plug into the D-Link, then I can access abc.com internally and externally with Traefik acting as reverse proxy from the TrueNAS side.
-
@zari90 said in Assistance with setting up HAproxy:
internet still works fine can access everything as per normal but not via fqdn and only internally can't break out to the internet
Do you mean public FQDNs or just yours?
Are you able to resolve public host names at all, like google.com?
Not clear what this issue has to do with HAproxy. Pretty confusing description.
-
@viragomann I can get to any website. Just setting up HAProxy for my own sites with a domain on pfSense with HAProxy doesn't work. If I remove the LAN and WAN cables from the Netgate and plug into the D-Link router it works perfectly and I get to my sites no problem using Traefik set up in TrueNAS SCALE.
-
@zari90
First of all, you have to ensure that the backend in the HAproxy stats is displayed green.
Did you enable health check in the backend? Try basic.
-
@viragomann Yes I have, and it is red, so L4OK and then it's down. I followed this guide https://docs.kois.cc/networking/pfsense/ but just can't seem to get it running correctly.
-
@zari90 said in Assistance with setting up HAproxy:
yes I have and it is red so L4OK and then it's down,
What should this mean?
If you have enabled basic health check you might see L4OK only if the backend is green, but not if it's red.
And if it's red, it means that pfSense cannot establish a TCP connection to the backend on the port you've stated.
Please post your HAproxy configuration to get closer to this.
-
@viragomann Someone told me to try and set my frontend to the LAN IP in HAProxy and it broke the frontend.
Need to reset my config again.
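-
Added example, not part of any post in this thread: a manual version of the layer-4 test discussed above (a red backend means the TCP connection to the backend port failed), labelling each result with HAProxy's check-status names L4OK, L4CON and L4TOUT. The function names, the `RESOLVE` label and the demo listener are assumptions made for this sketch; run it from a host on the same network segment as the firewall and substitute the backend's real IP and port.

```python
import socket

# What each outcome usually points to when testing a backend by hand.
HINTS = {
    "L4OK": "TCP handshake completed; the port is reachable from this host",
    "L4CON": "refused or no route; nothing listens on that IP:port, or a reject rule",
    "L4TOUT": "no answer before the timeout; packets dropped or wrong IP/route",
    "RESOLVE": "host name did not resolve (label invented here, not an HAProxy code)",
}

def l4_check(host, port, timeout=2.0):
    """Try one TCP connect and return a status label for the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "L4OK"
    except socket.gaierror:      # DNS failure, checked before the generic OSError
        return "RESOLVE"
    except socket.timeout:       # subclass of OSError, so it must come first
        return "L4TOUT"
    except OSError:              # ECONNREFUSED, EHOSTUNREACH, ENETUNREACH, ...
        return "L4CON"

def check_backends(backends, timeout=2.0):
    """backends: iterable of (name, host, port). Returns {name: (status, hint)}."""
    results = {}
    for name, host, port in backends:
        status = l4_check(host, port, timeout)
        results[name] = (status, HINTS[status])
    return results

if __name__ == "__main__":
    # Constructed demo so the script runs offline: one local listener that is
    # up, and one local port that was bound and then closed again.
    up = socket.socket()
    up.bind(("127.0.0.1", 0))
    up.listen(1)
    closed = socket.socket()
    closed.bind(("127.0.0.1", 0))
    closed_port = closed.getsockname()[1]
    closed.close()
    demo = [("listening", "127.0.0.1", up.getsockname()[1]),
            ("closed", "127.0.0.1", closed_port)]
    for name, (status, hint) in check_backends(demo).items():
        print(f"{name:10s} {status:8s} {hint}")
    up.close()
```

If the result from the LAN is L4OK while the HAProxy stats page still shows the backend red, compare the address and port configured on the backend server entry with the ones tested here.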