HaProxy Wont forward to IIS


I have created a virtual enviroment to test the HaProxy with PfSense inside a VmWare Workstation Version 16.
I created two IIS servers with test sites the can be accessed from remote hosts and are public with working certs on HTTPS behind PfSense, i configured the NAT rules to check that the sites worked properly before trying out the HaProxy, i created a NAT rule for one server on 443 to check that i can reach it and then changed the IP in the NAT rule to the other and both sites are working and can be accessed remotely VIA HTTPS.

After checking that all the sites working and PfSense does forward to the proper IIS server i moved to follow the instruction in the following videos :

I created two certs for my test domains then changed the webConfigurator to port 10443 and HTTPS and enabled WebGUI redirect, Then created a Backend to the internal IP + port with SSL and chose CA plus Client certificate for test site number 1 and then created a Frontend with listen address from WAN on port 443 plus SSL offloading and added ACL with path contains we the site address without WWW and added a Action to go to my backend rule (both acl name plus Condition acl names are matching), under SSL offloaing i chose the Test1 site cert and add in the Additional certificates all the cert i created for the websites and created a rule for port 443 but i cant reach the test website but traffic does show incoming connection from 443 to the firewall

thanks in advance

First there is a new version of that video here:

and I have a troubleshooting video here:

It will show you how to look up what SSL cert is being presented using opennssl

Thank you for the replay, what are the firewall rules in pfsense when HaProxy is enabled and i have two different Lan’s for example Lan with IIS running a HTTPS Test.example.com site and a second Lan with IIS russing a second HTTPS site with a different domain test.example2.com?

because from the errors i am encoutering it looks like a firewall rules/NAT misconfiguration.

I have checked using the troubleshooting guide video and saw that i am reaching the proper A record but not being served any certificate.

If the the HAProxy frontend is bound to then on the if you have a block rule for the two networks you could have a rule above that block rule to allow for port 443 to get to

My Frontend is bound to the WAN and not to the but after looking at the logs i used the easyrule function to add the rule in the firewall and i saw that first the site is trying to load in port 80 so i started adding the https to the website query. Now when i reach the site i get the proper wildcard certificate that i created in pfsense but it leads to a “503 Service Unavailable No server is available to handle this request.” error in the browser. (i doubled checked that the website are running properly without the haproxy and they are reachable remotely and locally).

Could it be that the haproxy not forwarding the request to the backend?

Your host matches value should not contain https:// it should only have the hostname.

unfortunately same error.

btw when i change the settings to port 80 the error is 502 Bad Gateway
The server returned an invalid or incomplete response.