I need advice for this bothersome problem: intermittent handshake errors. I watched Tom's great videos regarding HAProxy and found my setup to mirror his. My setup is as follows.

I pay for a domain and hosting. I created three subdomains and pointed the A record to my server with a proxy redirect. pfSense has one WAN, which is accessed by a dual-VPN load balancer/failover setup. pfBlocker is running. HAProxy listens on ports 80 and 243. The web GUI is moved to another port. WAN firewall rules allow ports 80 and 243 into the firewall. Backend servers are HTTP. HTTPS is offloaded on the frontend with ACME certs manually generated from the subdomain. The backend servers indicate up.

Connections to the subdomains, regardless of source (LAN or internet), sometimes connect and function (50%), sometimes the browser needs to be refreshed several times, and sometimes, especially in Firefox, it never connects. Interestingly, the browser connection always indicates secure and the certificate chain can be followed. It is always a handshake error followed by a 500 error. How do I effectively diagnose the handshake errors to point me to the cause? Any help would be greatly appreciated.

Check the logs in pfSense, Google the errors.

I also have this video on HAProxy troubleshooting.

Hi Tom. Thanks. I watched the videos and rechecked my setup. I had to change a setting in my DNS provider when forwarding: I changed it from "proxy" to "proxy preserve host". I have no problems when accessing from outside my network. I do have problems internally now. Sometimes I get a forbidden or handshake error, or an unstable connection. Could there be a resolver issue or a firewall problem because of the VPNs? It acts like a DNS issue internally. Is there a way I can make an exception for those ports?

Check the logs; sounds like a DNS issue, but not sure.
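As an added example that is not part of this thread or of Tom's videos, the script below gives the "check the logs" advice a concrete shape for the two symptoms described above (intermittent handshake failures followed by a 500, and a problem that only shows up from the LAN). It repeats the TLS handshake against the HAProxy frontend and tallies how often it fails, summarizes the "SSL handshake failure" and HTTP 500 lines from the HAProxy log, and compares what the LAN resolver and a public resolver return for the subdomain. The hostname app.example.com, the resolver addresses, the sample s_client transcripts and the log lines are assumptions or constructed data (port 243 is taken from the post); it assumes openssl(1) and host(1) are available on the pfSense shell.

```shell
#!/bin/sh
# Added example (not code from the thread or from Tom's videos): three helpers for narrowing
# down intermittent TLS handshake failures on a pfSense HAProxy frontend.
#   probe_tls             repeat openssl s_client against host:port and tally the outcomes
#   summarize_haproxy_log count "SSL handshake failure" lines and HTTP 500s in HAProxy logs
#   compare_resolvers     resolve the name through two resolvers and report whether they agree
# Assumptions: openssl(1) and host(1) exist on the pfSense shell; app.example.com, port 243
# and the resolver addresses are placeholders; the sample log lines below are constructed,
# not captured from the poster's system.

# Classify one openssl s_client transcript read from stdin: OK, HANDSHAKE_FAIL, CONNECT_FAIL
# or UNKNOWN. Failure patterns are tested first because s_client still prints
# "Verify return code: 0 (ok)" when the server aborted the handshake without sending a cert.
classify_handshake() {
  out=$(cat)
  case "$out" in
    *"connect:errno"*|*"Connection refused"*|*"connect:"*"timed out"*) echo CONNECT_FAIL ;;
    *" alert "*|*"wrong version number"*|*"unexpected eof"*)            echo HANDSHAKE_FAIL ;;
    *"Verify return code: 0 (ok)"*)                                     echo OK ;;
    *)                                                                  echo UNKNOWN ;;
  esac
}

# Attempt N handshakes to HOST:PORT with SNI set to HOST and print a tally. Run it once from
# the LAN and once from outside; an intermittent fault shows up as a non-zero handshake_fail
# count on an otherwise reachable port. Add -noservername (OpenSSL 1.1.1+) to test without SNI.
probe_tls() {
  host=$1; port=$2; n=${3:-20}
  ok=0; hs=0; cn=0; un=0; i=0
  while [ "$i" -lt "$n" ]; do
    r=$(printf 'Q\n' | openssl s_client -connect "$host:$port" -servername "$host" 2>&1 \
        | classify_handshake)
    case "$r" in
      OK)             ok=$((ok + 1)) ;;
      HANDSHAKE_FAIL) hs=$((hs + 1)) ;;
      CONNECT_FAIL)   cn=$((cn + 1)) ;;
      *)              un=$((un + 1)) ;;
    esac
    i=$((i + 1))
  done
  echo "host=$host port=$port attempts=$n ok=$ok handshake_fail=$hs connect_fail=$cn unknown=$un"
}

# Summarize HAProxy log lines from stdin (pfSense syslog form: "... haproxy[pid]: <haproxy log>").
# Handshake failures carry no backend, so they are counted per frontend. HTTP 500s are counted
# per backend/server together with the termination-state flags (field 10, e.g. SH--), which
# record which side closed the session and in which phase; that is the field to look up in
# the HAProxy "session state at disconnection" documentation.
summarize_haproxy_log() {
  awk '
    { sub(/^.*haproxy\[[0-9]+\]: /, "") }
    /SSL handshake failure/ { split($3, f, "/"); hs[f[1]]++; next }
    NF >= 10 && $6 == "500" { e500["backend/server=" $4 " term_state=" $10]++ }
    END {
      for (k in hs)   printf "handshake_failure frontend=%s count=%d\n", k, hs[k]
      for (k in e500) printf "http_500 %s count=%d\n", k, e500[k]
    }'
}

# Constructed sample log lines in the documented HAProxy HTTP log format (not real logs).
SAMPLE_HAPROXY_LOG='Mar  3 10:15:01 pfSense haproxy[12345]: 203.0.113.7:51234 [03/Mar/2024:10:15:01.123] https-in/1: SSL handshake failure
Mar  3 10:15:01 pfSense haproxy[12345]: 203.0.113.7:51235 [03/Mar/2024:10:15:01.500] https-in/1: SSL handshake failure
Mar  3 10:15:02 pfSense haproxy[12345]: 203.0.113.7:51240 [03/Mar/2024:10:15:02.456] https-in~ app1_backend/app1 0/0/1/-1/3 500 181 - - SH-- 2/2/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:15:03 pfSense haproxy[12345]: 203.0.113.7:51241 [03/Mar/2024:10:15:03.100] https-in~ app1_backend/app1 0/0/1/12/15 200 4120 - - ---- 2/2/0/0/0 0/0 "GET / HTTP/1.1"'

summarize_sample_log() { printf '%s\n' "$SAMPLE_HAPROXY_LOG" | summarize_haproxy_log; }

# Extract the A records from host(1) output on stdin as a sorted, space-separated list.
a_records() { awk '/ has address / { print $4 }' | sort | tr '\n' ' '; }

# Resolve NAME through resolvers R1 and R2 and say whether the answers agree. From a LAN
# client, use R1 = the pfSense resolver and R2 = a public resolver: different answers mean
# LAN clients are sent to a different address than Internet clients, which is where an
# internal-only problem would start.
compare_resolvers() {
  name=$1; r1=$2; r2=$3
  a1=$(host -t A "$name" "$r1" 2>/dev/null | a_records)
  a2=$(host -t A "$name" "$r2" 2>/dev/null | a_records)
  printf '%s via %s: %s\n' "$name" "$r1" "${a1:-<none>}"
  printf '%s via %s: %s\n' "$name" "$r2" "${a2:-<none>}"
  if [ "$a1" = "$a2" ]; then echo "resolvers agree"; else echo "resolvers differ"; fi
}

# Network usage: PROBE_HOST=app.example.com PROBE_PORT=243 LAN_RESOLVER=192.168.1.1 sh check.sh
# Without PROBE_HOST the script only summarizes the constructed sample log.
if [ -n "${PROBE_HOST:-}" ]; then
  probe_tls "$PROBE_HOST" "${PROBE_PORT:-243}" 20
  compare_resolvers "$PROBE_HOST" "${LAN_RESOLVER:-192.168.1.1}" "${PUBLIC_RESOLVER:-1.1.1.1}"
else
  summarize_sample_log
fi
```

The useful comparison is between runs: probe_tls from a LAN client versus from outside tells you whether the failures are path-dependent, and if only the LAN run fails, compare_resolvers against the pfSense resolver and a public one shows whether LAN clients are even reaching the same address. Export the HAProxy log lines from pfSense and pipe them into summarize_haproxy_log to see whether the handshake failures and the 500s cluster on one frontend or backend, and what termination state the 500s carry.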