Pfsense PPPoE provider and HAproxy website not found

Hello everyone,

Unfortunately my website at home is not accessible through ACME and HAproxy, although I have watched all of Tom’s videos and used the tips in this forum as well.

Still no luck, so maybe it’s a problem with my setup (for my local provider) which uses PPPoE with a static gateway for both IP4 and IP6?

Do I need to add a special route in /system/routing?

Any help would be appreciated.

Merry Christmas, Dom

Does your pfsense get a public IP and if so does your ISP allow 443 to be open?

Hi Tom,

Thanks for your time. About your question.

Yes, I get the public IP and dig gets the local IP provided by HAproxy as you show in your video. And external system viewers like SSL even get the info that an Apache web server is running on the specific IP.

But still no chance to see the website, neither on the LAN side nor via an external (cell phone).

Funny thing is that I can somehow override the pfsense setting by using the pfsense port of 10443 (like: https://host.mydomain.com:10443). This way I get access to the pfsense while using the LAN, of course I get the warning that I have a redirect.

Regards Dom

Since pfsense uses NGINX then the Apache server is the one you have behind HAProxy. You should check the logs there.

Ok thanks, no idea how but I will find out :smile: tomorrow. Have a nice day. Regards Dom

Hello Tom,

I managed to get things working. But only using a firewall rule.

Setting port 80 and 443 to “this firewall”

DNS Resolver did not work?

BTW: This was working after I had chosen a different name e.g. “xxx” for all “name” fields in HA-Proxy. The only field referring to the actual website is on the frontend part @ACL and there “Value”.

I saw some video copy and pasting “test.yourdomain.org” in all possible fields. This was not working for me.

Thanks and a happy new year.

Last question :smile:

How dangerous is this method of allowing these two ports?

And what are the alternatives to get access to a service running locally. VPN?

Greetings Dom

Opening any ports on your firewall always comes with risk. It can be real dangerous depending on the services run and the code being solid on said service.

To help mitigate possible spread of infection (when it happens) it is always best to place these servers in a DMZ that cannot access any local resources.