Netgate Discussion Forum

Haproxy SSL Termination

m0ntassar (Apr 6, 2016, 2:58 PM):

    Hello,
I have pfSense 2.2.6, and I installed the haproxy 1.5 stable package with the aim of configuring SSL termination.

I configured a virtual WAN IP that I'm going to use to listen for SSL requests.
I created an SSL certificate on pfSense.
I created a backend with the config shown in the attached backend.png image.
I also created a frontend with the config shown in the attached frontend.png image.
Apache is working properly and shows the correct page when I browse directly to it using the LAN address. In the Apache logs, I see it answering the health checks with HTTP 200 OK.
I see no traffic blocked in the pfSense logs.
I'm getting "503 Service Unavailable, No server is available to handle this request" when I try to access the web site using the WAN address.
Am I missing something?
Attachments: backend.png, frontend.png

johnsonp (Apr 6, 2016, 4:59 PM):

Not sure about haproxy 1.5, but it works fine like this using haproxy 1.6, which I think is the devel package - maybe try using this? It's not really a devel package, I think - 1.6 has been out for ages.

      Hope this helps

PiBa (Apr 6, 2016, 6:01 PM):

Is the WAN address used in the certificate CN or alternative names? I think the ACL does not match the request you send, which then means no backend is selected, and thus no server is available.

        Simply removing the 'Add ACL for certificate CommonName (host header matches CN of certificate)' checkbox might make it work.

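To make the mechanism PiBa describes concrete, here is an added, hand-written HAProxy configuration that is not from this thread and not the config the pfSense package generates; the addresses, hostname, certificate path and backend name are placeholders. The first frontend reproduces the 503 (an ACL on the Host header, routing only when it matches, no default backend), the second shows the state after the CN ACL is removed. In a real setup only one of the two frontends would exist; the second binds a different address only so the file is valid as a whole.

```haproxy
# Added illustration, not the generated pfSense config. All names and addresses are placeholders.

backend apache_web
    mode http
    # Health checks reach Apache directly over the LAN, which is why they show as 200 OK
    # in the Apache log even while clients get a 503 from the frontend.
    option httpchk GET /
    server apache1 192.168.1.10:80 check

# (1) Frontend as generated with "Add ACL for certificate CommonName" enabled.
frontend https_in_broken
    bind 203.0.113.10:443 ssl crt /var/etc/haproxy/www.example.com.pem
    mode http
    # The option adds an ACL that compares the client-supplied Host header with the certificate CN ...
    acl host_is_cn hdr(host) -i www.example.com
    # ... and selects the backend only when it matches.
    use_backend apache_web if host_is_cn
    # There is no default_backend. A request for https://203.0.113.10/ carries "Host: 203.0.113.10",
    # matches no ACL, and falls through to the frontend itself, which has no servers:
    # "503 Service Unavailable, No server is available to handle this request".

# (2) Same frontend after unchecking the CN ACL option (the fix found in this thread):
#     every request on this listener is handed to the backend, whatever the Host header says.
frontend https_in_fixed
    bind 203.0.113.11:443 ssl crt /var/etc/haproxy/www.example.com.pem
    mode http
    default_backend apache_web
```

Before changing the checkbox, the diagnosis can be confirmed from any client: `curl -k --resolve www.example.com:443:203.0.113.10 https://www.example.com/` sends a Host header equal to the CN and should return the Apache page, while `curl -k https://203.0.113.10/` sends the bare IP as Host and should return the 503. Two caveats worth keeping in mind: the Host header is chosen by the client, so that ACL was never an access control and dropping it does not weaken anything; and browsing by WAN IP will still produce a certificate name-mismatch warning unless the IP is listed as a subject alternative name, which is a certificate problem rather than an HAProxy one. Syntax of a hand-edited file can be checked with `haproxy -c -f <file>` before reloading.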
m0ntassar (Apr 7, 2016, 8:42 AM):

          @PiBa:

Is the WAN address used in the certificate CN or alternative names? I think the ACL does not match the request you send, which then means no backend is selected, and thus no server is available.

          Simply removing the 'Add ACL for certificate CommonName (host header matches CN of certificate)' checkbox might make it work.

Well spotted, my friend! It was as simple as unchecking "Add ACL for CN" :)

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.