HAProxy: Client sent an HTTP request to an HTTPS server

Clearly I’m failing to grasp the SSL settings within HAProxy, but I had a spare computer and wanted to experiment with running some Docker containers for local services (nothing is going to be accessed from the outside). I have once again set it up using this vid https://www.youtube.com/watch?v=bU85dgHSb2E

I have set up a Virtual IP, installed Docker and Portainer and can access Portainer using the https://ip:9443 address but when I try to use https://portainer.mydomain.tld I keep getting the “Client sent an HTTP request to an HTTPS server.” As per the instructions SSL offloading in the frontend and SSL in the backend are enabled, A records are in place and a wildcard certificate has been issued using the Namecheap API.

Any pointers are appreciated. Thanks.

Are you sure the proper box is checked for the back end under Encrypt(SSL)?

Yes to encrypt, no to checks.

Have you tried unchecking the Encrypt(SSL)?

Yes. I have tried SSL on and off and the message persists.

I tried to get a more verbose logging going on and this is the message displayed when the service is restarted:

Screenshot_20240430_171705

Nonetheless I can access the server just fine using the IP:

HAProxy frontend config:

And HAProxy backend config:

Can you try to uncheck encryption and change the port to 9000? See if that has any effect?

Unchecked SSL and changed port to 9000, saved, applied, rebooted: same result.

Checked SSL and changed port back to 9443, saved, applied, rebooted (twice): now it works.

I’m still stumped, though…


Started another container and after a couple of reboots it too works (after a 503 on the first attempt).

Thanks for all the help solving this.

If I had to summarize the solution for MY setup (pfSense+ 24.03 on a Netgate 2100) I’d say: changes made to the HAProxy service settings via the pfSense GUI require a reboot (maybe two) to start working properly.

I can’t say I have run into the same issues and need to reboot to get it to work.

I came across the same issue. It’s checked to encrypt the connection, yet packet captures are showing that it’s not doing that. This is obviously a pfSense bug with it not applying the config correctly. To resolve this issue, I deleted the backend and recreated it in pfSense.

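The symptom described in this thread (Encrypt(SSL) is checked in the GUI, yet HAProxy sends plain HTTP to the HTTPS port) can be checked against the configuration text HAProxy is actually running with. The following is an added example, not code from any poster or from the pfSense package: it scans haproxy.cfg text for backend `server` lines that target a TLS port without the `ssl` keyword. The sample config, backend names, addresses and the set of TLS ports are constructed assumptions.

```python
import re

# Constructed sample in haproxy.cfg syntax; names, addresses and paths are made up.
SAMPLE_CFG = """\
frontend shared-https
    bind 192.168.1.1:443 ssl crt /path/to/wildcard.pem
    use_backend portainer_be if { hdr(host) -i portainer.mydomain.tld }

backend portainer_be
    mode http
    server portainer 192.168.1.50:9443 id 101

backend other_be
    mode http
    server other 192.168.1.50:8443 id 102 ssl verify none

backend plain_be
    server web 192.168.1.51:9000 id 103
"""

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")
SERVER = re.compile(r"^server\s+(\S+)\s+(\S+):(\d+)\b(.*)$")


def audit_backends(cfg_text, tls_ports):
    """Return (backend, server, port) for servers on a TLS port lacking 'ssl'."""
    findings, section, name = [], None, None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        m = SECTION.match(line)
        if m:  # a new section starts; remember its type and name
            section, name = m.group(1), m.group(2)
            continue
        m = SERVER.match(line)
        if m and section in ("backend", "listen"):
            srv, _addr, port, opts = m.groups()
            # Without 'ssl' HAProxy speaks cleartext HTTP to this server.
            if int(port) in tls_ports and "ssl" not in opts.split():
                findings.append((name, srv, int(port)))
    return findings


if __name__ == "__main__":
    for be, srv, port in audit_backends(SAMPLE_CFG, {9443, 8443}):
        print(f"backend {be}: server {srv} targets TLS port {port} without 'ssl'")
```

A finding here for a backend that shows Encrypt(SSL) as checked in the GUI means the setting did not reach the running configuration.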

I created an account on this forum just to say thank you for this! I started using HAProxy in my homelab without a single issue by following Tom’s tutorials, so it was truly vexing when I could not get a very similar setup to work on my company firewall. I double- and triple-checked everything, restarted the service (multiple times), even spent quite a bit of time with our programmer learning his whole web app just to make sure there wasn’t an issue on the web server…

I found this post and figured since I’ve tried everything else that a couple of reboots couldn’t hurt – worked like a charm! The second reboot brought the backend status check online and the service started responding with our cert as expected.

Thank you again for restoring my sanity!

Edit: it’s worthwhile to mention that I started working with HAProxy in my homelab when I was still running 2.7.2. The initial frontend/backend pair I set up worked without incident. Following an upgrade to 2.8.0, in which I flattened my FW, installed the upgrade and restored my config, that initial pair stopped working and I got a 503 error. Every subsequent pair on the new install worked fine, so the issue became a problem for future me. When I encountered the issue in my work firewall and succeeded using the multi-reboot solution, I tried it at home and the initial pair was fixed as well. So the reboot fixes the issue on multiple versions of pfSense and/or HAProxy and is still worth trying if you find yourself stuck in a similar situation.

Work FW: pfSense CE 2.7.2
Work Package: HAProxy 0.63_2
Homelab FW: pfSense CE 2.8.0
Homelab Package: HAProxy 0.63_10
