switch from HAProxy Manager to pfsense haproxy
-
Hi @ll,
for now I use an HAProxy Manager (Proxmox LXC) behind AdBlocker to redirect to all my Servers.
Now I want to make this all with my new UTM110/120 (with pfsense).
I managed to make my nextcloud available from outside, with certificate, haproxy front/backend.
Now, how to make my internel IPs accessable with dns and certificate also? Cant find any tutorials for this.
-
@BassT said in switch from HAProxy Manager to pfsense haproxy:
how to make my internel IPs accessable with dns and certificate also?
What do you mean with "internal IPs"? What do you mean with "dns"?
I assume, that your Nextclould as well uses an internal IP. So what is the different then?
-
@viragomann you are right, there is no difference :)
will try out more :) -
@BassT I assume you mean that:
- You want a globally accessible DNS name that points to your HAProxy.
- -> Try visiting cloudflare to buy a domain name
- -> Take a look at cloudflare tunnels (cloudflared) and cloudflare traditional proxied DNS (choose one or the other method)
- You want to have a publicly trusted SSL/TLS certificate
- -> Install the ACME package and integrate with cloudflare OR
- -> Let cloudflare create a cert for you. In case of not choosing cloudflared, create self-signed certs for HAProxy via Cert Manager on PfSense.
-
Hi @NightlyShark,
not totally.
I had an webspace with ip redirection. So the online services I can make, also with trusted acme certificate. Nextcloud run correctly with https://cloud.mydomain.deWhat not work for now is an dns name with trusted certificate for offline (local) servers.
Let me say, if I want to make pfsense ui accessable via pfsense.home/
The certificate I made, but I can not redirect pfsense.home to 192.168.1.1:10443
The same settings for nextcloud don't work here, think I missed something.So for this I need an tutorial to manage it ;)
-
@BassT You can reuse the existing one by having split-DNS for the *.domain.de names, by using PfSense DNS resolver static host overrides, like:
-
@NightlyShark but these services (not nextcloud) should only accessable from local lan, or vpn, not from the internet.
so I made certificates for *.home and *.smarthome.
will tryout with DNS resolver this evening ;) -
@BassT Make a *.domain.de cert via let's encrypt!. You can, besides the non-wildcard one.
-
@NightlyShark *.home was an sad example. I now, wildcards dont work. so make certificate for foo.home / bar.home, ... :)
But for local I dont need *.deLater I will switch to pfsense.internal, because this should be used for local dns in the future.
-
@NightlyShark quick relover test:
basst@Kubuntu-VM:~$ curl pfsense.home
curl: (6) Could not resolve host: pfsense.homeEDIT:
also, how to set https insead of http, and the port in resolver settings? -
@BassT You don't set it in the resolver, you create a HaProxy HTTP (80) frontend that always redirects to HTTPS (443). As for the .local DNS, that is not exactly true. This applies to domains (not hosts) that are never accessible via internet. If a domain is on the internet, in order for local devices to be able to use the services directly, you use split-DNS like I showed.
-
@BassT said in switch from HAProxy Manager to pfsense haproxy:
basst@Kubuntu-VM:~$ curl pfsense.home
curl: (6) Could not resolve host: pfsense.homeIn that case, the
pfsenseis the domain (eg,pfsense.comand thehomeis the TLD (top level domain, eg.com). In order for that to work, you would need to set a domain ofpfsense.home:
