HAProxy proxies hosts unreachable
-
@digimd
You have only one frontend, which is listening on port 443.
Maybe I'm not clear on what you intend. Accessing the same hosts with and without SSL? Or redirecting non-SSL to SSL? -
@viragomann I have one frontend that handles the ACLs. I am accessing backends with https with unsigned cert and one http. They belong to different services. I intend to access my self-hosted services with proper ssl without opening a WAN port.
-
@digimd
And which host is not accessible? -
@viragomann all are unreachable except for router which points to my pfsense.
-
@digimd
Try to remove the checks at
"Add ACL for certificate CommonName"
"Add ACL for certificate Subject Alternative Names"
in the frontend settings.
For testing the connection you can also state a default backend and see if you can access it.
If this works, the rules are not applied. -
@viragomann I removed the checks when present and it made no difference. I set a default backend other than router, and no change either.
I am considering moving to a self-hosted reverse proxy and being done.
-
@digimd
You said you just get a timeout when you try to access a page.
If the request hits HAProxy, it will give some response, however. So I suspect that there is something else wrong.
Ensure that the host name resolves properly to the IP which HAProxy is listening on.
-
@viragomann I am not sure what type of error. Essentially the page is unreachable, without an error code. I am remoting in now through Tailscale on pfSense and I get this, which is likely a DNS or firewall rule.
ERR_CONNECTION_REFUSED
I changed listening IPs to 0.0.0.0:443 and no change. Could this be a firewall rule issue?!
-
@digimd
It could maybe be a reject rule giving this error. However, do you have any?
If I got you correctly, you want to access the sites only from inside the network?
-
@viragomann Yes, I meant to keep all ssl access local. I have the listening interfaces allowed to access all target destinations. I am just throwing the idea although I don't think it's the issue. Thank you for following through.
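
Added example, not part of any post in this thread: the two checks discussed above (does the host name resolve to the IP HAProxy listens on, and does a connection to port 443 get accepted, refused, or silently time out) as a small Python script run from a LAN client. The function names and result labels are made up for this example; in real use, pass your service's host name and the HAProxy listen IP to `diagnose`.

```python
import socket

def resolve(host):
    """Return the sorted IPv4 addresses a name resolves to."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def probe(ip, port=443, timeout=3.0):
    """Classify one TCP connect attempt to ip:port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((ip, port))
        return "open"         # a listener accepted: check ACLs/backends next
    except ConnectionRefusedError:
        return "refused"      # RST: nothing listening on ip:port, or a reject rule
    except socket.timeout:
        return "timeout"      # packets silently dropped: block rule or routing
    except OSError:
        return "unreachable"  # no route to host / network down
    finally:
        sock.close()

def diagnose(host, expected_ip, port=443, timeout=3.0):
    """Check name -> IP first, then the TCP listener on that IP."""
    try:
        addrs = resolve(host)
    except socket.gaierror:
        return "dns-failure"
    if expected_ip not in addrs:
        return "dns-mismatch"  # name points somewhere other than the proxy
    return probe(expected_ip, port, timeout)

if __name__ == "__main__":
    # Constructed loopback demo so the script runs offline: a throwaway
    # listener stands in for the HAProxy frontend.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(diagnose("127.0.0.1", "127.0.0.1", port))   # listener present
    listener.close()
    print(diagnose("127.0.0.1", "127.0.0.1", port))   # listener gone
    print(diagnose("127.0.0.1", "192.0.2.10", port))  # name resolves elsewhere
```

A "refused" result matches the browser's ERR_CONNECTION_REFUSED, while "open" means the frontend is reachable and the problem lies in the ACL or backend configuration.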