pfSense + HAProxy + Layer 4

Hi All,

I have a new install of pfSense and HAProxy but am having issues persuading HAProxy to act as a reverse proxy for multiple SSL domains.

I have genuine DigiCert certificates for all of my domains (two are wildcards, one is a single host name), so there is no ACME/Let's Encrypt requirement.

No matter how I set it up, HAProxy is not serving up the correct certificate for some of the websites.

All of my websites currently reside on the same server, either as Docker containers (WordPress/Drupal websites, UISP controller) or as direct installs (UniFi controller).

I was previously serving all of these domains via an nginx Docker container on the same server as the various websites, although the UniFi ones were somewhat outside of what it could see (I had a Docker network set up so they could all see each other), as they were direct installs.

The implication from the HAProxy documentation is that the only way this will work is by using TCP rather than HTTP, which would create a layer 4 rather than layer 7 load balancer.

Unfortunately, the 'defaults' section where this would be defined in the haproxy.cfg file is not implemented in the pfSense version of HAProxy, according to the HAProxy documentation for pfSense (in the differences section).

Any suggestions, other than simply using NAT to point directly at my nginx container and giving up with HAProxy?
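For readers following this thread, here is an added illustration (not the poster's configuration and not generated by the pfSense package) of what layer-4, SNI-based routing looks like in a raw haproxy.cfg. HAProxy in TCP mode never decrypts the connection; it reads the server name from the TLS ClientHello and hands the whole stream to the matching backend, which then presents its own certificate. The hostnames, the 10.0.0.x address and the port numbers are placeholders; the pfSense package builds equivalent frontend/backend directives from its GUI, and the mode and SNI rules live in those sections rather than in `defaults`.

```haproxy
# Added example, not from the thread: TCP-mode (layer 4) routing of several
# TLS domains to separate backends by SNI. Hostnames, addresses and ports
# below are placeholders, not the poster's real values.

global
    log /dev/log local0
    maxconn 2000

defaults
    log     global
    mode    tcp
    option  tcplog
    timeout connect 5s
    timeout client  60s
    timeout server  60s

frontend https_in
    bind *:443
    mode tcp
    # Hold the connection (up to 5s) until the TLS ClientHello has arrived,
    # so the SNI field is available before any routing decision is made.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Match on the SNI hostname. "-m end" covers every host under a wildcard
    # certificate's domain; "-i" makes the comparison case-insensitive.
    acl host_web   req.ssl_sni -m end -i .example-web.test
    acl host_uisp  req.ssl_sni -i uisp.example-net.test
    acl host_unifi req.ssl_sni -i unifi.example-net.test

    use_backend web_sites if host_web
    use_backend uisp      if host_uisp
    use_backend unifi     if host_unifi
    # Connections with no matching SNI are refused rather than silently
    # landing on an arbitrary site and being answered with its certificate.
    default_backend reject

backend web_sites
    mode tcp
    # Placeholder: nginx container terminating TLS for the WordPress/Drupal sites
    server nginx 10.0.0.10:443 check

backend uisp
    mode tcp
    # Placeholder port: whatever the UISP container listens on for HTTPS
    server uisp 10.0.0.10:8443 check

backend unifi
    mode tcp
    # Placeholder port: whatever the UniFi controller listens on for HTTPS
    server unifi 10.0.0.10:8444 check

backend reject
    mode tcp
    tcp-request content reject
```

Two things to keep in mind with this passthrough design: because HAProxy is not terminating TLS it cannot see or rewrite HTTP, so no X-Forwarded-For header is added and the backends only ever see the proxy's address (the PROXY protocol, via `send-proxy` on the server line, is the usual remedy when the backend supports it); and the `reject` backend means clients that send no SNI at all, such as very old TLS stacks or IP-based scanners, get the connection closed, which is a useful check that only your named hostnames are reachable.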

This is not a configuration I have tried; you might want to post in the pfSense forums.

Sorry, I thought I had put it in the correct forum; turns out it was not placed in any forum.
I have now posted over at the Netgate forums as well. Thanks.

Not exactly. I have answered a lot of HAProxy questions here related to the videos I have done, but there are plenty of use cases that I don't know the answer to, so I suggest their forums as opposed to leaving the question unanswered.

Part of my initial response was a misunderstanding of what you had said. I had thought you were asking me to post the question in the pfSense section of your forums, as I noticed that my question had not been tagged with 'Networking & Firewalls'.
Many thanks once again for your response.
