pfSense + HAProxy + Cloudflare: getting 522 & 503 errors and DNS host override not working

Good day,

I’m having a hell of a time getting my setup to work. I was able to get to Nextcloud when I used Cloudflare Tunnels, but I had to switch from their tunnels as they have a max file upload size of 100 MB. So since I use pfSense I might as well use HAProxy and use that much like I used to use Nginx and Let's Encrypt.

I’m pulling out my hair here. If I set my SSL/TLS encryption mode on Cloudflare to Flexible and go to my https dot com I get a “Connection timed out Error code 522”. If I set the SSL/TLS encryption mode on Cloudflare to Full it says “503 Service Unavailable. No server is available to handle this request.”

If I use my local IP I can access this just fine.

My DNS host override is not working either. Using the dig command returns the Cloudflare server IP rather than the local server IP I've set.

I’ve used the following videos:

Raid Owl

Lawrence systems

Please help.

EDIT 1: I had switched from ISC to Kea due to the warning, but switched back this morning after reading this.

Edit 2: Under Diagnostics, the DNS lookup returned an A record for the local IP of my Nextcloud machine. ping and traceroute also returned a connection to that local server.

Cloudflare should only be supplying DNS to your public IP. Your internal DNS should be providing DNS to your server internally ONLY (something like nextcloud.my.lan or whatever you set up on your pfSense). Do not set your internal DNS to your public IP. All SSL offloading should be done on HAProxy. Turn off any proxy on Cloudflare.

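The reply above boils down to one check the original poster can run from a LAN client: ask the pfSense resolver for the Nextcloud hostname and confirm the answer is the LAN address of the Nextcloud box, not the public/Cloudflare address. The script below is an added example, not from either post; it parses `dig` output with awk and compares the A records against the expected LAN IP. The hostname, the addresses and the two captured `dig` outputs are constructed for the example; in real use you would feed it `dig nextcloud.example.com @<pfsense-lan-ip>` instead.

```shell
#!/bin/sh
# Added example (not from the thread): verify that a pfSense DNS host override
# is what LAN clients actually receive. Hostname, addresses and the captured
# dig output below are constructed for this example.

# Print the A-record addresses from a block of `dig` output (ANSWER section only).
# Usage: extract_a_records "<dig output>"
extract_a_records() {
    printf '%s\n' "$1" | awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;;/ || /^$/         { in_answer = 0 }
        in_answer && $4 == "A" { print $5 }
    '
}

# Return 0 if every A record in the dig output equals the expected LAN IP,
# 1 otherwise. An empty answer also fails: the override is not being served.
override_is_honoured() {
    dig_output=$1
    expected_ip=$2
    answers=$(extract_a_records "$dig_output")
    [ -n "$answers" ] || return 1
    for a in $answers; do
        [ "$a" = "$expected_ip" ] || return 1
    done
    return 0
}

# One-line report for a quick read of the result.
report_override() {
    if override_is_honoured "$1" "$2"; then
        echo "OK: resolver returns the LAN address ($2); the host override is in effect"
    else
        echo "WARN: resolver returned '$(extract_a_records "$1" | tr '\n' ' ')' instead of $2; LAN clients are being sent to the public address"
    fi
}

# Constructed sample: what `dig nextcloud.example.com @192.168.1.1` prints when
# the override is NOT applied (the public address comes back, like the OP saw).
SAMPLE_PUBLIC='; <<>> DiG 9.18.0 <<>> nextcloud.example.com @192.168.1.1
;; ANSWER SECTION:
nextcloud.example.com.	300	IN	A	203.0.113.10

;; Query time: 12 msec'

# Constructed sample with the override applied (the LAN host is answered).
SAMPLE_LAN='; <<>> DiG 9.18.0 <<>> nextcloud.example.com @192.168.1.1
;; ANSWER SECTION:
nextcloud.example.com.	3600	IN	A	192.168.1.50

;; Query time: 0 msec'

report_override "$SAMPLE_PUBLIC" 192.168.1.50
report_override "$SAMPLE_LAN" 192.168.1.50
```

If the WARN line appears when querying the pfSense LAN address directly, the override itself is not being served (wrong domain, wrong resolver, or the client is not using pfSense for DNS); if it is OK against pfSense but WARN from the client's default resolver, the client is bypassing pfSense for DNS.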