Recently i have tried seting up ssl for Mainsail on my raspberry pi. Tried setting it up through nginx and was able to ge the cert to show but wouldn’t pass the printer http ports to the https site.
That being said. Currently I have a pfsense with HA Proxy. Watched Lawernce video on HA Proxy.
The website mainsail.%%%.org is avalible with the wildcard cert. However the website it points to works and is up on port 80. I can access mainsail.$$$.org but provides an error 503.
Front end backend are up.
DNS set for override.
The webserver running on the rpi is avaiable on 80.
Here’s the first thing I’d check: does the backend show as up on the HAProxy stats page? If not, it could be that adjusting the check method in the backend from the default HTTP to Basic or None might help.
If HAProxy sees a negative test it gives a 503 rather than proceeding.
This error means that the proxy cannot reach that IP and port. Do you have any firewall rules that might be blocking access? Or maybe firewall rules on the server blocking access?
Here are my firewall rules. I can ping from main machine and pfsense.
Putting ufw on raspberry pi to force open 8080,443,22.
Doing a port scan they show open.
Your DNS is working. The issue is HAproxy cannot reach that IP and port in your backend settings. you need to make sure 10.13.13.1 can reach 192.168.89.68
I’m the second screenshot, you can see the issue I was suggesting. Change the health check method from HTTP to None and see if that does anything for you. There are some web apps that don’t respond well to the default check for some reason.
And, of course, make sure you subdomain is resolving to the address of HAProxy, not the actual host.
I just noticed the screenshot from when you visit mainsail directly and it mentions a cors_domain setting. That makes me wonder if there is some setting in the mainsail configuration that allows for known proxies to work. Check the software documentation and you might find something there.