• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Sharing HAProxy front-end for both public and local domains, possible?

DHCP and DNS
1
2
449
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B
    bthoven
    last edited by bthoven Feb 5, 2024, 5:11 AM Feb 5, 2024, 4:13 AM

    public domain: mydomain.com

    local domain: home.mydomain.com

    public domain dns handled via Cloudflare

    HAProxy is working fine for my public domain accessing from outside (listening to WAN address).

    Currently, I use Host override for my local domain/subdomain by pointing it to my nginx proxy manager and it is working fine.

    If I don't want to involve nginx proxy manager at all and just use the same front-end acl/action of HAProxy, which is now serving my public domain, to handle my local domain too, what would be the best solution?

    Thanks.
    login-to-view

    login-to-view

    nginx proxy manager: proxy hosts
    login-to-view

    1 Reply Last reply Reply Quote 0
    • B
      bthoven
      last edited by bthoven Feb 7, 2024, 2:51 AM Feb 5, 2024, 10:03 AM

      ok. I have done it with the following broad steps on pfSense

      1. create letsencrypt certificate for *.home.mydomain.com
      2. create a virtual ip, e.g. 10.255.0.1 (Firewall-->Virtual IP)
      3. HAProxy:
        3.1 add listening ip:port 10.255.0.1:443 below the WAN Address:443 (where all front-end acl/actions are defined for public subdomains)
        3.2 add listening ip:port 10.255.0.1:80 with action http redirect to https below the WAN Address:80 http redirect to https
        3.3 add additional certificate created in step 1 for *.home.mydomain.com
      4. Services--->DNS resolver:
        4.1 Hosts Override: add the first host with hostname the same as one of the public subdomain + home.mydomain.com --->10.255.0.1
        4.2 edit the first host above-->additional name for this host-->add more hosts below the first host + home.mydomain.com

      How this setup works:

      • if enter url: ebook.mydomain.com (public url)
        • look up pfsense dns resolver, no matching domain, then use upstream dns (e.g., quad9 or cloudflare dns or your isp dns servers)
        • quad9 found my wan ip from cloudflare dns (or any authoritive dns server)
        • cloudflare ---> my Wan IP (pfSense) ----> HAproxy --> redirect from http to https ---> front-end --->backend--->local servers
      • enter url: ebook.home.mydomain.com (local url)
        • look up pfsense dns resolver, found hosts override entry ebook.home.chotechai.com --->10.255.0.1
        • go direct to HAproxy listening ip 10.255.0.1 -->redirect from http to https--->front-end--->backend--->local servers

      I am not an expert and do not claim this is the right way, but it works for me. Any recommendations are welcome.
      Update: I found that by using Virtual IP, my tailscale clients can't reach hosts on home.mydomain.com. Instead, using Lan Address on Haproxy front-end, and LAN interface IP, e.g. 192.168.1.1 for host override have solved the problem.

      Services --> Acme
      login-to-view

      Firewall --> Virtural IPs
      login-to-view

      Services --> HAProxy --> Front-ends
      login-to-view

      DNS Resolver --> Hosts Override
      login-to-view

      1 Reply Last reply Reply Quote 0
      1 out of 2
      • First post
        1/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.