You're speaking plain HTTP to an SSL-enabled server port

tomasenskede · Apr 9, 2024, 8:27 AM

I'm experiencing difficulty accessing my new Nextcloud/Proxmox sites through HAProxy/pfSense. However, my old Nextcloud/Docker setup functions properly via the same HAProxy/pfSense configuration.

Same error... whats wrong?

viragomann · Apr 9, 2024, 4:35 PM

@tomasenskede
Not clear, why you have set up two backends, one to port 80 and one with 443.
However, if the backend server is accessed on port 443, it would expect an SSL-request using HTTPS.
To enable it in the HAproxy backend, check "Encrypt(SSL)".

tomasenskede · Apr 9, 2024, 6:16 PM

@viragomann said in You're speaking plain HTTP to an SSL-enabled server port:

@tomasenskede
Not clear, why you have set up two backends, one to port 80 and one with 443.
However, if the backend server is accessed on port 443, it would expect an SSL-request using HTTPS.
To enable it in the HAproxy backend, check "Encrypt(SSL)".

I don’t have two backends, I just tested with two different setting, port 80 and 443 with same result… but not at the same time.

viragomann · Apr 9, 2024, 6:26 PM

@tomasenskede
Is the backend even accessible via http on port 80, or does it redirect any access to https?

As mentioned above, when using port 443 you need to access it via https, so "Encrypt(SSL)" must be checked, and the server has to provide an SSL certificate.

tomasenskede · Apr 10, 2024, 8:10 AM

@viragomann said in You're speaking plain HTTP to an SSL-enabled server port:

@tomasenskede
Is the backend even accessible via http on port 80, or does it redirect any access to https?

As mentioned above, when using port 443 you need to access it via https, so "Encrypt(SSL)" must be checked, and the server has to provide an SSL certificate.

then I get this:

I can access https://192.168.1.24/ from my internal network with an cert-warning but still working

viragomann · Apr 10, 2024, 7:47 PM

@tomasenskede
So maybe there is a mistake in your frontend configuration. Can you post its settings, please?

tomasenskede · Apr 10, 2024, 7:47 PM

@viragomann said in You're speaking plain HTTP to an SSL-enabled server port:

@tomasenskede
So maybe there is a mistake in your frontend configuration. Can you post its settings, please?

Access Control lists

Actions

Backend

viragomann · Apr 10, 2024, 8:32 PM

@tomasenskede
These view snips are sadly not really helpful to get closer to the issue.

tomasenskede · Apr 11, 2024, 8:55 AM

@viragomann said in You're speaking plain HTTP to an SSL-enabled server port:

hese view snips are sadly not really helpful to get closer to the issue.

hmm... I'm eager to make this working. I'm happy to provide more information. What else do you need to help me? Thanks in advance!

tomasenskede · Apr 14, 2024, 8:29 AM

@tomasenskede said in You're speaking plain HTTP to an SSL-enabled server port:

@viragomann said in You're speaking plain HTTP to an SSL-enabled server port:

hese view snips are sadly not really helpful to get closer to the issue.

hmm... I'm eager to make this working. I'm happy to provide more information. What else do you need to help me? Thanks in advance!

Got it WORKING... reboot of pfSense resolved the issue...

melnyk · Feb 3, 2025, 10:53 AM

Wow. I have to state that I had the same problem (the "Encrypt(SSL)" option was totally ignored), but everything works after reboot.

teague-o-Bitties · Feb 22, 2025, 12:27 AM

@melnyk I know wright. I absolutely spent 2 hours with the HA config before I found this thread. wtf. Thanks @tomasenskede ... 100%, a reboot on pfsense worked.

waylonwesley · Feb 26, 2025, 9:49 AM

@melnyk sprunki 2
It's great to hear that a simple reboot resolved your issue! If you encounter similar problems in the future, these steps may help you troubleshoot effectively.