How To Guide For HAProxy and Let's Encrypt on pfSense: Detailed Steps for Setting Up Reverse Proxy [YouTube Release]

Time Stamps
00:00 HAProxy on pfsense
00:00 How The HAProxy Reverse Proxy Works
06:46 pfsense packages and WebConfigurator settings
07:28 ACME Let’s Encrypt Setup
10:40 Setting Up HAProxy General Settings
11:47 Creating HAProxy Backend
12:50 Creating HAProxy Frontend
14:45 DNS Settings & Host Override Setup


Hi. When I try this I get nxdomain on truenas in dig. When I use dig on my main domain it works and the ip is reported. I don’t understand why? I followed the video to the letter. Also, I saw in your video that you use the default webconfigurator and not letsencrypt cert in advanced? Can you do that and still have it work?

I am not fully clear on what your question is but if TrueNAS reports a different DNS response than your other system then you probably do not have TrueNAS using the pfsense as your DNS.

Ok. Sorry. I explained badly. This is the result I get when I try to resolve dns (****domain.work is instead of my domain):

root@rock-4se:/# dig truenas.****domain.work

; <<>> DiG 9.16.42-Debian <<>> truenas.****domain.work
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44659
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 3c509286ddc61c140100000064dc955fd9b2fe32e8b0ed54 (good)
;; QUESTION SECTION:
;truenas.****domain.work. IN A

;; AUTHORITY SECTION:
****domain.work. 551 IN SOA ns01.domaincontrol.com. dns.jomax.net. 2023081501 28800 7200 604800 600

;; Query time: 30 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Wed Aug 16 09:22:39 UTC 2023
;; MSG SIZE rcvd: 154

But I can resolve the domain itself. If I dig ****domain.work it reports my external ip so letsencrypt works. So I don’t understand why dns isn’t working? I know dns is like magic and I must know the right spells so I’m wondering if you have anything off the top of your head that feels obvious that I’ve done wrong or how I can troubleshoot?

You need a separate DNS entry for truenas.****domain.work. You can’t just point ****domain.work to an IP and have all the somethings.****domain.work go there.
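For troubleshooting the case discussed above, here is an added example (not part of the original thread) that parses dig output and flags an NXDOMAIN returned with the zone's SOA, which means neither a host override on the queried resolver nor a record in the zone matched the name. The sample outputs, the `example.test` names and the `diagnose` helper are constructed for illustration.

```python
import re

# Constructed dig output modelled on the thread; all names are placeholders.
NXDOMAIN_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1
;; QUESTION SECTION:
;truenas.example.test. IN A

;; AUTHORITY SECTION:
example.test. 551 IN SOA ns01.public-dns.example. hostmaster.example. 1 28800 7200 604800 600

;; SERVER: 192.168.0.1#53(192.168.0.1)
"""

# Constructed output for the same query once a host override or record exists.
RESOLVED_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; QUESTION SECTION:
;truenas.example.test. IN A

;; ANSWER SECTION:
truenas.example.test. 3600 IN A 192.168.0.1

;; SERVER: 192.168.0.1#53(192.168.0.1)
"""

def _first(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None

def diagnose(dig_output):
    """Return (verdict, detail, server) for one block of dig output."""
    status = _first(r"status: (\w+)", dig_output)
    server = _first(r"^;; SERVER: ([^#\s]+)#", dig_output)
    soa_primary = _first(r"^\S+\s+\d+\s+IN\s+SOA\s+(\S+)", dig_output)
    a_record = _first(r"^[^;\s]\S*\s+\d+\s+IN\s+A\s+(\S+)$", dig_output)
    if status == "NXDOMAIN" and soa_primary:
        # The denial carries the zone's SOA: the name is missing from that zone
        # and no local override answered for it on the queried server.
        return ("no_record", soa_primary, server)
    if status == "NOERROR" and a_record:
        return ("resolved", a_record, server)
    return ("inconclusive", status, server)

if __name__ == "__main__":
    for sample in (NXDOMAIN_SAMPLE, RESOLVED_SAMPLE):
        print(diagnose(sample))
```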

Thank you for the response. I'm gonna keep working on it. I have a feeling I wanna do more than my knowledge allows. I did add the truenas in dns resolver host override so I think I must have screwed up somewhere. I’m gonna keep at it. Thanks.

@LTS_Tom

I just saw your video but… my isp gives me a dynamic ipv4, but instead it gives me a static /56 ipv6 prefix. Can I use that instead?

Not sure, I don’t use IPV6.