Proxmox HAproxy + pfsense

Hi.

Has anyone had any luck making haproxy work with proxmox under pfsense? No, I don’t plan to expose my proxmox deployments to the world, I just want to use a domain + ssl internally. I have other stuff working fine like freepbx and Synology … but when it comes to proxmox I get a 502 Bad Gateway error.
Completely lost as to why …

Thanks.

I don’t use Proxmox but I cannot think of any reasons it should not work. Check the logs on Proxmox.

From what I could understand, the proxmox webgui uses websocket, which is not that linear to configure on haproxy. I could find a non pfsense haproxy config but it’s text only and I don’t exactly know how to pfsense. Unfortunately the documentation regarding haproxy, especially for pfsense, is quite limited.

I would look up any work instructions on how to do reverse proxy with Proxmox and translate those to work with HA Proxy.

I have a proxmox gui working with @LTS_Tom guide on Haproxy SSL/TLS Offloading.

I followed the will are video… it should work, I think. All my other services are working except for proxmox where I get a 502 gateway error.

502 is usually a temporary failure on backend usually, so better check why your server is throwing an outage error. For proxmox I think you need to have a self signed cert on the server itself so that the process will not be confused in the process of offloading. This is more of a compatibility issue :slight_smile:

For crying out loud… I just realized I’ve been a victim of my own stupidity hahaha. I forgot to check ssl on the backend for proxmox. I must have looked at all the settings dozens of times and missed that one. (For some reason in my mind I must have thought the proxmox web GUI was running on http only, or something …)

It’s working now. Thanks …

great now enjoy thanks to @LTS_Tom for the great tutorial :smiley:

I use Proxmox with let’s encrypt directly on it, so I create a rule that enables port 80 out for a certain time, usually 5 minutes and in those 5 minutes every day is what is used for let’s encrypt to update the https certificate if it is due.

I end up preferring this to HAproxy because it removes one more service from pfSense.

But this error that is having in HAProxy I had once and it was in the Backend in “Health check method”, I had to change it to “Basic” to work!
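
The two backend settings that resolved the 502 in the posts above (SSL enabled towards the Proxmox backend, and a basic health check), written out as a plain-text HAProxy configuration. This is an added example, not a participant's configuration or pfSense's generated output; the addresses, hostname and certificate paths are placeholders, and treating pfSense's “Basic” health check as a bare `check` with no HTTP request is an assumption.

```haproxy
# Added example. 192.0.2.x, pve.example.internal and the file paths are
# placeholders. 8006 is the Proxmox web GUI's default port (HTTPS only).

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    # Used instead of the client/server timeouts once a connection has been
    # upgraded to a WebSocket, which the Proxmox console views rely on.
    timeout tunnel  1h

frontend internal_https
    # TLS offloading: HAProxy presents the certificate for the internal name.
    bind 192.0.2.1:443 ssl crt /etc/haproxy/certs/pve.example.internal.pem
    acl host_pve hdr(host) -i pve.example.internal
    use_backend pve_reencrypt if host_pve

# BEFORE (defined only for comparison, not referenced by the frontend):
# plain HTTP is sent to a TLS-only port, the backend never returns a valid
# HTTP response, and HAProxy answers the client with 502 Bad Gateway.
backend pve_plain_http
    server pve1 192.0.2.10:8006

# AFTER: "ssl" re-encrypts traffic to the backend. "verify none" accepts
# Proxmox's self-signed certificate without checking it, so the hop between
# the firewall and the node is encrypted but not authenticated.
# "check" without "option httpchk" is a connection-level check (assumed
# equivalent to pfSense's "Basic" health check method).
backend pve_reencrypt
    server pve1 192.0.2.10:8006 ssl verify none check

# STRICTER: pin the CA that signed the node's certificate and check the
# name in it, so a different host answering on that address is rejected.
backend pve_verified
    server pve1 192.0.2.10:8006 ssl verify required ca-file /etc/haproxy/certs/pve-ca.pem verifyhost pve.example.internal check
```

In the pfSense GUI the equivalent of the `ssl` keyword is the SSL checkbox on the backend's server entry, which is the setting the poster above had missed.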

I know this is an old topic. I have it working, well done @LTS_Tom. However, whenever I go to a Shell in the web GUI, I get “failed waiting for client: timed out
TASK ERROR: command ‘/usr/bin/termproxy 5900 --path /nodes/ace1 --perm Sys.Console – /usr/bin/ssh -e none -t 10.40.1.26 – /bin/login -f root’ failed: exit code 1”

or if I refresh, it sometimes comes up. I read somewhere it’s an issue with how HA proxy was handling the Shell instances.

Hello,

I want to expose my case to see if someone can help me.

I have app1.duckdns.org with Let’s Encrypt + HA proxy + Dynamic DNS running with Firewall/NAT/Port Forward to a virtual IP in VLAN 40 (IoT).

Now I need to have another subdomain, app2.duckdns.org with the same: Dynamic DNS + Let’s Encrypt + HA Proxy, but in this case it has to go to another machine and vlan (VLAN10 - 192.168.10.10).
I have managed to get DDNS up and running, but not Let’s Encrypt or HAProxy.

How can I do it?
Thanks

I have no idea what the cause of that error is, you might want to try the pfsense forums.

@iruindegi
I cover multiple sites in my HAProxy 2023 video