HAProxy error and not working
Hello,
I'm new to pfSense and to HAProxy.
I'm testing the implementation of the following infrastructure:
The goal is to give access to several services installed in VMs isolated in a LAN. The public IP to contact these services is provided by a WireGuard tunnel (this IP is dedicated). These services will be reachable via several domain names.
Before setting this up on the Proxmox machine, I am trying to configure it on VirtualBox.
So far, I've set up the following things, which seem to work:
- Configuration of the tun_wg0 WireGuard tunnel and a peer to connect to the dedicated IP address. I've taken inspiration from a site-to-site configuration to do this (https://docs.netgate.com/pfsense/en/latest/recipes/wireguard-s2s.html). WireGuard status is green.
- To give Internet access to a VM in the LAN, I used a "policy based routing" configuration inspired by this tutorial: https://protonvpn.com/support/pfsense-wireguard/
  Creation of an OPT1_VPN interface for my tun_wg0 tunnel, then addition of a new gateway, and configuration of firewall rules.
  At this stage, the VM on my LAN has access to the Internet with the IP of my tun_wg0 tunnel.
- Then I set up a certificate for a sub-domain test.mydomain.com with ACME by adding an _acme-challenge record in my DNS.
- And finally I set up HAProxy to redirect calls from my sub-domain test.mydomain.com to my local VM (where I installed a lamp-server).
Here's the configuration for my backend:
server list: "active" mode; Forwardto "Address+Port"; Address "192.168.2.2"; Port "80"; client certificate created with acme previously
health check method "HTTP"
And for my Frontend:
External address : Listen address "OPT1_VPN address (IPV4)" ; Port 443 ; SSL Offloading checked
Backend default : Table : Name "AccesSite" ; Expression "Host matches": ; Value "test.mydomain.com"
Default backend : Actions : Action "Use Backend" ; backend "test.mydomain.com" ; Condition acl names "AccesSite"
I got the following error when activating HAProxy:
pfsense [NOTICE] (91333) : config : config: Can't open global server state file '/tmp/haproxy_server_state'
Then, when testing access to test.mydomain.com, Firefox returns a PR_CONNECT_RESET_ERROR error, as my machine was switched off...
Do you have any idea where the problem might be?