HAProxy + pfSense issue - root domain not accessible

Hello

  • I have set up HAProxy on pfSense + ACME with multiple backends tied to a single frontend.
  • I have set up an HTTP to HTTPS redirect rule in HAProxy.
  • The domain is registered with GoDaddy and Cloudflare with proxy enabled.

All backends do not have self-signed SSL certificates and are on different IPs.

First backend is the root domain - somesite.co.in on port 80
Second backend - dom1.somesite.co.in on port 80
Third backend - dom2.somesite.co.in on port 3535

My second and third backends are reachable from the internet with correct SSL certificates and are working fine.

But my first backend (somesite.co.in), which is on the root domain, is not working…
I tried different ISPs and all show error 522.

Locally, if I put in somesite.co.in, I get a valid response and the website loads up with the correct certificate, but over the internet it does not.

Also, going through System Logs → Firewall on pfSense, I can see lots of denied entries for the TCP:S protocol. I have already whitelisted Cloudflare IPs.

Please guide me on where I am doing things wrong…

I have never used HAProxy along with Cloudflare with proxy, so I am not really sure. Try setting it up without that and see if it works as I have in my video.

Hello
Yes, I checked with the video; all the settings are the same.
Also, I am able to fetch subdomains properly; it is just that the root domain is not working and is throwing a 522 error.
If I put the root website in a subdomain, it loads normally…
I don't know why the root domain is giving problems.

So I tried troubleshooting a bit more and now I have finally figured out the problem…
The root domain works, but only if I type https://somesite.co.in explicitly. It still does not work with just somesite.co.in,
but subdomains work both ways, but if I type http://subdomain.somesite.co.in it still does not work.
So my best guess is that there is some error in the sitedefault.conf file or the Apache config file…

Any suggestions would be very helpful.

Make sure under “System → Advanced” WebGUI redirect is turned off.

Hello Tom,
Yes, I have checked the box “Disable webConfigurator redirect rule”,
but I have set the protocol to HTTP.