    Sharing HAProxy front-end for both public and local domains, possible?

    Category: DHCP and DNS
    • bthoven (last edited by bthoven)

      public domain: mydomain.com

      local domain: home.mydomain.com

      public domain dns handled via Cloudflare

      HAProxy is working fine for my public domain when accessing from outside (listening on the WAN address).

      Currently, I use a Host Override for my local domain/subdomain, pointing it to my nginx proxy manager, and it is working fine.

      If I don't want to involve nginx proxy manager at all and just use the same front-end ACLs/actions of HAProxy, which now serve my public domain, to handle my local domain too, what would be the best solution?

      Thanks.
      [screenshots]

      nginx proxy manager: proxy hosts [screenshot]

      • bthoven (last edited by bthoven)

        OK. I have done it with the following broad steps on pfSense:

        1. Create a Let's Encrypt certificate for *.home.mydomain.com
        2. Create a virtual IP, e.g. 10.255.0.1 (Firewall --> Virtual IPs)
        3. HAProxy:
          3.1 Add listening ip:port 10.255.0.1:443 below WAN Address:443 (where all front-end ACLs/actions are defined for the public subdomains)
          3.2 Add listening ip:port 10.255.0.1:80 with action "http redirect to https" below the WAN Address:80 http-to-https redirect
          3.3 Add the additional certificate created in step 1 for *.home.mydomain.com
        4. Services --> DNS Resolver:
          4.1 Hosts Override: add the first host, with the hostname the same as one of the public subdomains + home.mydomain.com ---> 10.255.0.1
          4.2 Edit the first host above --> "Additional names for this host" --> add the other hosts below the first host + home.mydomain.com

        How this setup works:

        • If I enter the URL ebook.mydomain.com (public URL):
          • Look up the pfSense DNS Resolver; no matching domain, so it uses the upstream DNS (e.g., Quad9, Cloudflare DNS or your ISP's DNS servers)
          • Quad9 finds my WAN IP from Cloudflare DNS (or any authoritative DNS server)
          • Cloudflare ---> my WAN IP (pfSense) ----> HAProxy --> redirect from http to https ---> front-end ---> backend ---> local servers
        • If I enter the URL ebook.home.mydomain.com (local URL):
          • Look up the pfSense DNS Resolver; it finds the Hosts Override entry ebook.home.chotechai.com ---> 10.255.0.1
          • Go directly to the HAProxy listening IP 10.255.0.1 --> redirect from http to https ---> front-end ---> backend ---> local servers

        I am not an expert and do not claim this is the right way, but it works for me. Any recommendations are welcome.

        Update: I found that by using a Virtual IP, my Tailscale clients can't reach hosts on home.mydomain.com. Instead, using the LAN address on the HAProxy front-end, and the LAN interface IP, e.g. 192.168.1.1, for the host override has solved the problem.

        Services --> Acme [screenshot]

        Firewall --> Virtual IPs [screenshot]

        Services --> HAProxy --> Front-ends [screenshot]

        DNS Resolver --> Hosts Override [screenshot]
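The post above builds the setup through the pfSense GUI. What follows is an added example, not the poster's configuration and not taken from the pfSense HAProxy package: a hand-written haproxy.cfg expressing the same idea, a single TLS front-end bound on both the WAN address and the LAN address (the poster's final, post-Update arrangement) with the public certificate and the *.home.mydomain.com wildcard loaded side by side, so that each ACL matches a public name together with its local twin. The addresses (203.0.113.10 for WAN, 192.168.1.1 for LAN, 192.168.1.5x for the backends), the certificate paths and the backend names are all assumptions; only mydomain.com, home.mydomain.com and ebook are from the thread. It also goes one step beyond the post by showing how a name meant to be reachable only locally can be refused on the WAN listener, since a shared front-end otherwise applies every rule on every bind address.

```haproxy
# Added example (not from the forum post): haproxy.cfg equivalent of the pfSense GUI setup.
# All addresses, file paths and backend names below are assumed placeholders.
global
    log stdout format raw local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Plain-HTTP listeners on the WAN and LAN addresses; their only job is the
# http-to-https redirect (steps 3.2 in the post, plus the LAN bind from the Update).
frontend http_redirect
    bind 203.0.113.10:80
    bind 192.168.1.1:80
    http-request redirect scheme https code 301

# One TLS front-end for both the public and the local names (step 3.1 + 3.3).
# With several crt files on the bind line HAProxy picks the certificate by SNI:
# the public cert answers *.mydomain.com, the wildcard answers *.home.mydomain.com.
frontend https_shared
    bind 203.0.113.10:443 ssl crt /var/etc/haproxy/public-mydomain.pem crt /var/etc/haproxy/wildcard-home-mydomain.pem
    bind 192.168.1.1:443  ssl crt /var/etc/haproxy/public-mydomain.pem crt /var/etc/haproxy/wildcard-home-mydomain.pem
    http-request set-header X-Forwarded-Proto https

    # Each ACL lists the public host name and its local twin, so one action serves both.
    acl host_ebook  req.hdr(host) -i ebook.mydomain.com  ebook.home.mydomain.com
    acl host_photos req.hdr(host) -i photos.mydomain.com photos.home.mydomain.com

    # A name that should never be served from the Internet: "dst" is the local address
    # the client connected to, so this distinguishes the LAN bind from the WAN bind.
    acl from_lan   dst 192.168.1.1
    acl host_admin req.hdr(host) -i admin.home.mydomain.com
    http-request deny deny_status 403 if host_admin !from_lan

    use_backend be_ebook  if host_ebook
    use_backend be_photos if host_photos
    use_backend be_admin  if host_admin from_lan
    # Unknown host names get a 421 instead of silently landing on the first backend.
    default_backend be_reject

backend be_ebook
    server ebook  192.168.1.50:8080 check
backend be_photos
    server photos 192.168.1.51:8080 check
backend be_admin
    server admin  192.168.1.52:8080 check
backend be_reject
    http-request deny deny_status 421
```

The DNS half of the design is unchanged from the post: the Resolver's Hosts Override maps ebook.home.mydomain.com (and the additional names) to the LAN address, which in Unbound terms is a local-data A record pointing at 192.168.1.1, so local clients never leave the LAN and never see the Cloudflare-published WAN address. Two practical checks: a Let's Encrypt wildcard such as *.home.mydomain.com can only be issued through the DNS-01 challenge, so the ACME package needs API credentials for the public DNS provider; and because the wildcard is only loaded on this front-end, a local name that is not listed in an ACL still completes the TLS handshake but then falls through to the reject backend, which is the behaviour you want rather than serving whichever backend happens to be first.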
