HAProxy Port Redirect Internal

spiker

Yeah directly accessed would be on port 10443, and that works just fine, cert and all.

I do have a rule on all other interfaces/networks to block port 10443, but I am on the network that is stated in the front end and that interface has no rule to block 10443 to the FWL address.

spiker

@viragomann

Yeah I am using https to access it, crome will redirect to https anyway even if I try http.

viragomann

@spiker
I was talking about the backend.
Do you still have "Encrypt (SSL)" checked and "SSL checks" unchecked in the backend?

spiker

@viragomann

I have the reverse at the moment.

spiker

Hey that worked....

Thank you for your time here guys, I am new to all of this but you guys were amazing.

spiker

I put back on the ACL and moved the front end listener to 443 and it all works... Pushed the cert for the web management page back to the self signed one and HAProxy is SSL offloading with the signed cert! Man cant thank you guys enough.

viragomann

@spiker
Great!

Remember, "Encrypt (SSL)" means, that HAproxy uses HTTPS to connect to the backend.
"SSL checks" means, that it checks the SSL certificate of the backend server. I.e. the certificate has to be valid.

spiker

@viragomann

Thank you, I had that a bit flipped in my mind!