A little HAproxy help please and thank you

Networking & Firewalls
1

I’m new on here, but been watching Lawrence for a few years now. Any wat I followed all his HAproxy, let’s enrypt video, And have everything almost squared away for the most part. I have all my individual back ends setup with their assoc. ports. And I have the main front end end setup to serve them. My only issue is I have like three servers that don’t support https at all or that I have read that doing so would cause problems with how they function. So I have Home assistant , pi-hole, motion eye, and tasmota. I’m trying to get HAproxy to secure the hass.io and it’s container apps to work thru https
with my signed certs thru acme-cloudflare on my LAN network. the certs are all working. even have emails from cloudfart that the posted to their servers. The only issue is getting these few http sites to work thru https and load their certs. All my https servers all worked flawlessly. justy not the http.
I feel like I might have the dumb and be missing something. but honestly I’ve watched lawrences videos enough now I’m surprised I haven’t been arrested for stalking at this point. any help would be greatly appreciated. I have tried to detail my setup as detailed as possible. thx In advance

run down of the setup

fiber modem
–>pfsense on bare-metal <<https - port 10443

Proxmox running on bare-metal server <<https - port 8006>>
–>Home Assistant VM “newest alpine linux version” <<http-only - port 8123>>

             -->tasmota                                                                  <<http-only - port 9541>>
            
             -->Motion-eye                                                             <<http-only - port 4444>>
   
  -->Ubuntu Server VM

            -->Docker/portainer/Heimdall                                      <<https - port 443>>
2

For the non https server in the backend you should not check the ssl checkbox…. He explains that in a video…. It’s that easy. The communication is encrypted up to the HAProxy server and from that to the actual server won’t, but you’ll get the green lock :lock: in your browser as “secure”
If it’s not what you wanted maybe I missed something and I’m sorry.

1 Like
3

yeah as long as it states secuee I’m good
thx, i will try that

4

Yeah not working, I don’t really care is its http or https just tired of clicking proceed anyway all the time

5

I have all the backend http servers set to “no ssl” and the proper cert for each server on the front end.
restarted dchp service, and haproxy service. cleared the cache on all browsers, and flushed my dns
still show warning on the server pages, so yeah idk

6

But did you specify port 80 on the backend? And make sure HAProxy is also listening for requests from lan network…. In the browser you must specify https:// in front…. I also disabled health checks…. I’m using the same scenarios for some of my server and I set it up like that…make sure the rule name is correctly typed in the front end when you choose which backend has to be used…

7

image
image2436×1124 215 KB

8

frontend'
frontend'1145×433 30.2 KB

10

motion eye

motioneye
motioneye1132×278 17.3 KB

12

hass

hass
hass1142×278 16.9 KB

13

tazmota

tazmota
tazmota1136×278 17.1 KB

14

and I typyed in the address with https and got this, so thats progress
before if i added the https it would just say refused ot cannot connect

progress
progress1290×794 17.5 KB