I have looked at “How To Setup ACME, Let’s Encrypt, and HAProxy HTTPS offloading on pfsense”, but I want TLS passthrough, and the pfSense GUI is a bit weird; I'm new to HAProxy.
Scenario:
I want ports 80 and 443 to go to different servers depending on their hostname, and let Let's Encrypt pass through so the backends handle it.
I've got a UniFi controller that I want to handle LE by itself. All ports that need to be opened are port forwarded.
If anyone can show me how to do this, or is the way Tom is showing us a good way to use this?
This is the end result of a config made in pfSense, but if you have your own standalone HAProxy then this is how you write the config. This will do SSL passthrough based on domain name and redirect HTTP to HTTPS. I hope this helps someone. I took out the public IP for obvious reasons. If you have questions on what is going on in this config I'd be happy to answer.
global
    maxconn 10000
    stats socket /tmp/haproxy.socket level admin expose-fd listeners
    uid 80
    gid 80
    nbproc 1
    nbthread 1
    hard-stop-after 15m
    chroot /tmp/haproxy_chroot
    daemon
    server-state-file /tmp/haproxy_server_state

# Local-only stats page used by the pfSense package (bound to loopback, not exposed)
listen HAProxyLocalStats
    bind 127.0.0.1:2200 name localstats
    mode http
    stats enable
    stats admin if TRUE
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

# Plain HTTP: everything is sent to HTTPS with a permanent redirect
frontend frontend_80
    bind <PUBLIC_IP>:80 name <PUBLIC_IP>:80
    mode http
    log global
    option http-keep-alive
    timeout client 30000
    http-request redirect scheme https code 301 if !{ ssl_fc }

# HTTPS: TCP mode, so TLS is not terminated here; routing uses the cleartext SNI in the ClientHello
frontend frontend_443
    bind <PUBLIC_IP>:443 name <PUBLIC_IP>:443
    mode tcp
    log global
    timeout client 30000
    # wait up to 5s for enough bytes to read the ClientHello before choosing a backend
    tcp-request inspect-delay 5s
    acl sub1_host req.ssl_sni -i sub1.yourdomain.com
    acl sub2_host req.ssl_sni -i sub2.yourdomain.com
    # only proceed once a ClientHello (handshake type 1) has been seen
    tcp-request content accept if { req.ssl_hello_type 1 }
    use_backend sub1_backend_ipvANY if sub1_host
    use_backend sub2_backend_ipvANY if sub2_host
    # no default_backend: connections for unknown hostnames are closed

backend sub1_backend_ipvANY
    mode tcp
    id 100
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    server sub1_backend 192.168.9.105:443 id 102 check inter 1000

backend sub2_backend_ipvANY
    mode tcp
    id 101
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    server sub2_backend 192.168.11.5:443 id 103 check inter 1000
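The SNI-based routing in `frontend_443` works because the requested hostname travels in cleartext inside the TLS ClientHello, so HAProxy can pick a backend without holding any certificate. The following is an added illustration, not code from the post above or from HAProxy itself: it builds a minimal ClientHello (constructed test input), extracts the SNI the way `req.ssl_sni` does, and applies the same two case-insensitive ACLs. The hostnames and backend names are taken from the config; `build_client_hello`, `extract_sni` and `choose_backend` are names chosen here.

```python
import struct

# Routing table mirroring the two ACL / use_backend pairs in the config above.
SNI_BACKENDS = {
    "sub1.yourdomain.com": "sub1_backend_ipvANY",
    "sub2.yourdomain.com": "sub2_backend_ipvANY",
}


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal TLS 1.2 ClientHello record with one SNI entry (constructed test input)."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list  # extension type 0 = server_name
    extensions = struct.pack("!H", len(sni_ext)) + sni_ext
    body = (
        b"\x03\x03"                              # client_version: TLS 1.2
        + bytes(32)                              # random (zeros; test data only)
        + b"\x00"                                # session_id length 0
        + struct.pack("!H", 2) + b"\x13\x01"     # one cipher suite
        + b"\x01\x00"                            # compression methods: null only
        + extensions
    )
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1 = ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type 22 = handshake


def extract_sni(data: bytes):
    """Return the SNI hostname from a TLS ClientHello, or None when the bytes are not a
    ClientHello carrying a server_name extension (the condition req.ssl_sni depends on)."""
    if len(data) < 9 or data[0] != 0x16:          # not a TLS handshake record at all
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    rec = data[5:5 + rec_len]
    if len(rec) < rec_len or rec[0] != 0x01:      # truncated, or hello type is not 1 (ClientHello)
        return None
    pos = 4 + 2 + 32                              # handshake header, client_version, random
    if pos >= len(rec):
        return None
    pos += 1 + rec[pos]                           # session_id
    if pos + 2 > len(rec):
        return None
    pos += 2 + struct.unpack("!H", rec[pos:pos + 2])[0]   # cipher_suites
    if pos >= len(rec):
        return None
    pos += 1 + rec[pos]                           # compression_methods
    if pos + 2 > len(rec):                        # no extensions block present
        return None
    ext_len = struct.unpack("!H", rec[pos:pos + 2])[0]
    pos += 2
    end = min(pos + ext_len, len(rec))
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", rec[pos:pos + 4])
        pos += 4
        if etype == 0x0000 and pos + 5 <= end:
            # server_name_list length (2), name_type (1), name length (2), name
            name_type = rec[pos + 2]
            name_len = struct.unpack("!H", rec[pos + 3:pos + 5])[0]
            if name_type == 0 and pos + 5 + name_len <= end:
                return rec[pos + 5:pos + 5 + name_len].decode("ascii", "replace")
            return None
        pos += elen
    return None


def choose_backend(data: bytes):
    """Mimic frontend_443: a non-ClientHello never passes `tcp-request content accept`,
    the `-i` ACLs match case-insensitively, and an unmatched name gets no backend."""
    sni = extract_sni(data)
    if sni is None:
        return None
    return SNI_BACKENDS.get(sni.lower())


if __name__ == "__main__":
    for host in ("sub1.yourdomain.com", "SUB2.YourDomain.com", "other.example.net"):
        print(host, "->", choose_backend(build_client_hello(host)))
    print("plain HTTP ->", choose_backend(b"GET / HTTP/1.1\r\n"))
```

The `tcp-request inspect-delay 5s` line exists for exactly the reason the parser shows: until the full ClientHello has arrived there is no hostname to match, so HAProxy buffers up to 5 seconds before evaluating `use_backend`. Against a live setup the same routing can be confirmed with `openssl s_client -connect <PUBLIC_IP>:443 -servername sub1.yourdomain.com` and checking which backend's certificate is returned.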