Recently I have tried setting up SSL for Mainsail on my Raspberry Pi. Tried setting it up through nginx and was able to get the cert to show, but it wouldn’t pass the printer HTTP ports to the HTTPS site.
That being said, currently I have a pfSense with HAProxy. Watched Lawrence's video on HAProxy.
The website mainsail.%%%.org is available with the wildcard cert. However, the website it points to works and is up on port 80. I can access mainsail.$$$.org but it provides an error 503.
Front end and backend are up.
DNS set for override.
The webserver running on the rpi is available on 80.
Mainsail - 192.168.89.68 - rpi
Thank you for the help.
What do you have configured on your front end and backend? Screenshots would be helpful.
Did you follow my 2023 guide?
I also have my video on certs, DNS, & SNI here
Here’s the first thing I’d check: does the backend show as up on the HAProxy stats page? If not, it could be that adjusting the check method in the backend from the default HTTP to Basic or None might help.
If HAProxy sees a negative test it gives a 503 rather than proceeding.
Thank you all who responded.
Server is running on 192.168.89.68:8080 for HTTP
Looks like you didn’t add the CA and certificate on the backend. Look at my config.
Also I don’t have the common name section check. Not sure if that matters.
I am still getting this error.
This error means that the proxy cannot reach that IP and port. Do you have any firewall rules that might be blocking access? Or maybe firewall rules on the server blocking access?
Here are my firewall rules. I can ping from main machine and pfsense.
Putting ufw on raspberry pi to force open 8080,443,22.
Doing a port scan they show open.
Thank you again for the help
Just for giggles can you restart the HAProxy service on pfsense? I don’t see anything preventing haproxy from being accessed.
Done. I am now getting layer 4 connection issues on the status page.
Rebooting both for good measure.
I turned off pfblocker for good measure. Still showing down after restart.
What dns is supposed to be set in HA proxy?
One isn’t set currently.
DNS for the rpi is the pfsense
Your DNS is working. The issue is HAProxy cannot reach that IP and port in your backend settings. You need to make sure 10.13.13.1 can reach 192.168.89.68.
In the second screenshot, you can see the issue I was suggesting. Change the health check method from HTTP to None and see if that does anything for you. There are some web apps that don’t respond well to the default check for some reason.
And, of course, make sure your subdomain is resolving to the address of HAProxy, not the actual host.
Changed to none. Thank you for the suggestion.
I am still getting down.
I just noticed the screenshot from when you visit mainsail directly and it mentions a cors_domain setting. That makes me wonder if there is some setting in the mainsail configuration that allows for known proxies to work. Check the software documentation and you might find something there.
Thank you! I will test that. Tried it before on one of the printers and didn’t have much luck. The way nginx passes the ports is weird.
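Added example, not part of the thread and not code from any poster: a Python probe that classifies a backend with HAProxy's check status codes, separating the layer 4 failure reported on the status page from an HTTP check that the app rejects. It assumes the HTTP health check sends `OPTIONS /` (HAProxy's default for `option httpchk`); `probe_backend`, `GetOnly` and `demo` are hypothetical names, and the local server is constructed for the demo.

```python
import http.client, http.server, socket, threading

def probe_backend(host, port, method="OPTIONS", path="/", timeout=3.0):
    """Return the HAProxy-style check status a backend would earn."""
    try:  # Layer 4: does the TCP handshake complete at all?
        socket.create_connection((host, port), timeout=timeout).close()
    except socket.timeout:
        return "L4TOUT"   # packets dropped: routing or firewall
    except OSError:
        return "L4CON"    # refused or unreachable from this host
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:  # Layer 7: does the app answer the check request acceptably?
        conn.request(method, path)
        status = conn.getresponse().status
    except socket.timeout:
        return "L7TOUT"
    except (http.client.HTTPException, OSError):
        return "L7RSP"    # connected, but no valid HTTP response
    finally:
        conn.close()
    return "L7OK" if 200 <= status < 400 else "L7STS"

class GetOnly(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in backend: serves GET, has no OPTIONS handler."""
    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo output quiet

def demo():
    """Probe a constructed local backend and a closed port."""
    srv = http.server.HTTPServer(("127.0.0.1", 0), GetOnly)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))          # reserve a port, then free it
    closed_port = spare.getsockname()[1]
    spare.close()
    try:
        live = srv.server_address[1]
        return {"OPTIONS check": probe_backend("127.0.0.1", live),
                "GET check": probe_backend("127.0.0.1", live, method="GET"),
                "closed port": probe_backend("127.0.0.1", closed_port)}
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Run from a host on the proxy's side of the network, `probe_backend("192.168.89.68", 8080)` returning `L4CON` or `L4TOUT` points at routing or firewalling rather than the check method, which only matters once the result is `L7STS`.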