Need another set of eyes pls - Synology DSM behind HAProxy on pfSense


At the tail end of a complete homelab rebuild and struggling to get Synology DSM available behind HAProxy on pfSense (and its driving me batty).

I had this all working prior to the rebuild and have (re)setup as follows:

Its for internal use only (I dont have anything exposed publicly and am not setting up access for external use)

HAProxy is installed and working fine as per Tom’s videos.

I have a virtual IP setup on the same VLAN Im accessing from that has DNS overrides for DSM and other services (UniFi Controller, etc) and these all work via HAProxy except DSM…

Synology is accessible on :5000 (http) and :5001 (https) and is accessible by address. I have automatically redirect HTTP to HTTPS enabled in DSM>Control Panel> Login Portal and dont have anything set in customized domain

In pfSense, the certificate is issued fine (Cloudflare/Lets Encrypt) and the HAProxy backend is:
Address + Port 5001 Encrypt SSL-checked nothing else selected or configured

The Front End is watching the virtual IP and then directing to the various backends and as I mention working fine for UniFi controller and other services.

When I try and go to the FQDN I get a Synology NGINX page with the message “The plain HTTP request was sent to HTTPS port”.

If I run a traceroute I see the request gets directed to the virtual IP correctly (no other details provided) but the message suggests to me that its trying to go to port 5000 (HTTP) rather than 5001 (HTTPS)?

I’ve tried disabling the HTTPS redirect in DSM, triple checked the ports are correct and rebooted things a few times just in case.

Anyone got any ideas what I’m missing?


Make sure you have the back end Encrypt(SSL) set to yes and port 5001.
This is from my setup:

Mode Name Forwardto Address Port Encrypt(SSL) SSL checks Weight Actions
active surveillance Address+Port: 5001 yes no
1 Like

Thanks @LTS_Tom,

Pretty sure thats what I’ve done, screen grabs below (btw - enjoying all the new content thanks).


pfSense - HAProxy Backend

pfSense - DNS Host Override

Im obviously missing something (probably something simple) - just can’t see it.


That all looks correct, when in doubt just build a new front end and back end from scratch to see if it works.

1 Like

Thanks @LTS_Tom,

Rebuilt the front and back end and what do you know, miraculously starts working…


1 Like