Question regarding Toms 2023 HAProxy video

jase-dk · December 13, 2023, 9:59pm

I just enjoyed Toms 2023 video on setting up HAProxy with Let’s Encrypt Certificate.

I managed to configure everyting according to Toms directions, but I do not fully understand the process of binding the backend to the WAN address and opening port 443 on the WAN.

I have just binded to the firewall internal IP (same as the HAProxy IP) and I have then opened port 443 on the WAN interface and made a port forwarding rule to the HAProxy IP.

Is what I did wrong? If I bind to the backend directly can I then skip the port forwarding rule?

Sorry Tom, you video is great but the last part regarding binding to the WAN interface and opening up on the WAN side is not as clear as the remaning part of the video, at least not to me

jase-dk · December 13, 2023, 10:29pm

Figured it out. Seems that I can skip the port forward when i bind the frontend to the WAN interface.

Nice, thanks for the video Toms!

xMAXIMUSx · December 13, 2023, 10:29pm

No you don’t want to do that. You’ll need to bind the public IP to your front end. Then HAProxy has rules to determine how the incoming traffic gets routed to the backend.

Your need to have a WAN rule like this.

jase-dk · December 13, 2023, 10:48pm

Thanks @xMAXIMUSx

Yes, this is exactly what I have done now - after I figured it out. The port forward is deleted and I now only have a rule similar to the one you showed (though I have only opened TCP/443).