Pfsense with HaProxy and web management gui

Hello,

I watched Tom’s video on How To Create pfsense Let’s Encrypt Wildcard Certificates using HAProxy and I have also watched the troubleshooting video. Maybe I am not understanding or have missed something.

My original setup was as follows:

sub.domain.xyz - pointed to the WAN_IP of pfsense. A firewall rule permitted only specific networks to access the web management GUI. The web management GUI was encrypted using a wildcard SSL cert. Life was good. Default port 443.

My needs have changed and I need to have remote access to an internal server. I tried port forwarding but that was cumbersome. So I researched HaProxy and see that it can be used as a reverse proxy and provide SSL encryption for remote sessions and pfsense when accessing the internal server. It can also point to a sub2.domain.xyz using the same WAN_IP.

Currently I can only access the web management gui via sub.domain.xyz:10443. And I cannot access my internal server.

pfsense 2-4.5-P1 with haproxy-devel 0.62_2

Backend:
Internal server

Server list:
active NAME 192.168.50.3 80 (no SSL) (no SSL checks)
assigned client certificate from lets encrypt.

Front end:
WAN Address (Listen address) port 443 SSL Offloading (checked)
type: http/https (offloading)

Access Control lists

Name internal server expression host matches value (sub1.domain.xyz)

Actions
Use backend internal server

Is there any way to reverse proxy the management web GUI?

Might be possible, but I have never tried to use HAProxy for the management GUI. It does not seem like a good idea, just in case there is an issue with HAProxy: it would break access to the management GUI to fix it.
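The frontend and backend described in the post above, written out as a plain haproxy.cfg fragment. This is an added example, not part of the original post and not the file the pfSense package generates; the bind address, certificate path and section/ACL names are placeholders.

```haproxy
# Hand-written haproxy.cfg equivalent of the GUI settings in the post.
# Placeholders (not from the post): 203.0.113.10 stands in for WAN_IP;
# the certificate path and the section/ACL names are made up.

frontend wan_https
    # HAProxy owns WAN:443 here, so the pfSense web GUI has to listen
    # on a different port (the post reaches it on 10443).
    # crt expects the certificate chain and private key in one PEM file.
    bind 203.0.113.10:443 ssl crt /path/to/wildcard.domain.xyz.pem
    mode http

    # "Host matches sub1.domain.xyz": exact, case-insensitive match on
    # the Host header. It must be the name clients actually request.
    acl host_internal hdr(host) -i sub1.domain.xyz
    use_backend internal_server if host_internal

    # No default_backend: a request for any other host name matches no
    # rule and HAProxy answers 503 instead of forwarding it. That
    # includes sub.domain.xyz, so the GUI is not published through here.

backend internal_server
    mode http
    # TLS ends at the frontend; this hop is plain HTTP on port 80, so a
    # client certificate on the server entry has no effect.
    server NAME 192.168.50.3:80
```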

Hello Tom,

Thanks for the responses, that makes sense.

Will continue on with troubleshooting the other server.

I have another question. If I have already created a wildcard cert for my management GUI and I want to use HaProxy to provide a secure reverse proxy to internal services, do I need to create another wildcard SSL cert specifically for use with HaProxy, can I use the existing GUI wildcard SSL cert, or do I need to create a specific SSL cert for the particular backend host in HaProxy?

They should be able to use the same cert.

Thanks for the response again, Tom!

I just tested it out. I resolved my reverse proxy issues and now understand how to manage both management gui and haproxy.
