Proxmox HAproxy + pfsense

Hi.

Has anyone had any luck making haproxy working with proxmox under pfsense ? No, don’t plan to expose my proxmox deployments to the world I just want to use a domain + ssl internally. I have other stuff working fine like freepbx and Synology … but when it comes to proxmox I get a 502 Bad Gateway error.
Completely lost of why …

Thanks.

I don’t use Proxmox but I can not think of any reasons it should not work. Check the logs on Proxmox

From what I could understand proxmox webgui uses websocket which is not that limiar to configure on haproxy. I could find a non pfsense haproxy config but it’s text only and I don’t exactly know how to pfsense. Unfortunately the documentation regarding haproxy specially for pfsense is quite limited.

I would look up any work instructions on how to do reverse proxy with Proxmox and translate those to work with HA Proxy.

i have a proxmox gui working with @LTS_Tom guide on Haproxy SSL/TLS Offloading .

I followed the will are video… it it should work , I think. All my other services are working except for proxmox where I get a 502 gateway error.

502 is usually a temporary failure on backend usually so better check why you’re server is throwing a outage error. for proxmox i think you need to have a self signed cert on the server itself so that the process will not be confused on the process of offloading. this more on compatibility issue :slight_smile:

For crying out loud… I just realized I’ve been victim of my own stupidity hahaha. I forgot to check ssl on the backend for proxmox. I must have looked ar all settings dozens of times and missed that one . ( for some reason on my mind I must have thought proxmox web GUI was running on http only , or something …)

It’s working now. Thanks …

great now enjoy thanks to @LTS_Tom for the great tutorial :smiley:

I use Proxmox with let’s encrypt directly on it, so I create a rule that enables port 80 out for a certain time, usually 5 minutes and in those 5 minutes every day is what is used for let’s encrypt to update the https certificate if it is due.

I end up preferring this to HAproxy because it removes one more service from pfSense.

But this error that is having in HAProxy I had once and it was in the Backend in “Health check method”, I had to change it to “Basic” to work!