Has anyone had any luck making HAProxy work with Proxmox under pfSense? No, I don’t plan to expose my Proxmox deployments to the world; I just want to use a domain + SSL internally. I have other stuff working fine, like FreePBX and Synology… but when it comes to Proxmox I get a 502 Bad Gateway error.
Completely lost as to why…
From what I could understand, the Proxmox web GUI uses websockets, which is not that limiar to configure on HAProxy. I could find a non-pfSense HAProxy config, but it’s text only and I don’t exactly know how to pfsense. Unfortunately the documentation regarding HAProxy, especially for pfSense, is quite limited.
502 is usually a temporary failure on the backend, so better check why your server is throwing an outage error. For Proxmox I think you need to have a self-signed cert on the server itself so that the process will not be confused in the process of offloading. This is more of a compatibility issue.
For crying out loud… I just realized I’ve been a victim of my own stupidity hahaha. I forgot to check SSL on the backend for Proxmox. I must have looked at all the settings dozens of times and missed that one. (For some reason, in my mind I must have thought the Proxmox web GUI was running on HTTP only, or something…)
I use Proxmox with Let’s Encrypt directly on it, so I create a rule that enables port 80 out for a certain time, usually 5 minutes, and those 5 minutes every day are what Let’s Encrypt uses to update the HTTPS certificate if it is due.
I ended up preferring this to HAProxy because it removes one more service from pfSense.
But this error you are having in HAProxy, I had it once, and it was in the Backend under “Health check method”; I had to change it to “Basic” for it to work!
I know this is an old topic. I have it working, well done @LTS_Tom. However, whenever I go to a Shell in the web GUI, I get “failed waiting for client: timed out
TASK ERROR: command '/usr/bin/termproxy 5900 --path /nodes/ace1 --perm Sys.Console -- /usr/bin/ssh -e none -t 10.40.1.26 -- /bin/login -f root' failed: exit code 1”
or if I refresh, it sometimes comes up. I read somewhere it’s an issue with how HAProxy was handling the Shell instances.
I want to expose my case to see if someone can help me.
I have app1.duckdns.org with Let’s Encrypt + HAProxy + Dynamic DNS running with Firewall/NAT/Port Forward to a virtual IP in VLAN 40 (IoT).
Now I need to have another subdomain, app2.duckdns.org, with the same: Dynamic DNS + Let’s Encrypt + HAProxy, but in this case it has to go to another machine and VLAN (VLAN10 - 192.168.10.10).
I have managed to get DDNS up and running, but not Let’s Encrypt or HAProxy.