I have successfully been using haproxy and a wildcard cert via acme to access some servers externally. The cert renewal is working great and is really handy.
I would like to use the same wildcard cert for truenas without ever having to manually import it to truenas. This works if I add truenas to haproxy…but I don’t want truenas available externally.
I have tried setting up another frontend in haproxy that just listens on the lan and a backend to it for truenas.
I added a host override in dns resolver pointing at the lan listening address on haproxy.
When I try to access it via truenas, I get prompted to self sign it and it says not secure.
I have 15 servers behind HAProxy, all working fine as expected. I have 1 that doesn’t work. It is configured the same as the others, I just duplicated a working one and updated the values. This server is TrueNAS. No matter what I tried, it doesn’t work. It has a self-signed certificate.
I have 2 domains, .lan and .com. I use HAProxy for the .com domain. My DNS points all the .com addresses to my pfsense router where HAProxy is running. I followed the troubleshooting guide on the video with dig and openssl, no issues when testing my TrueNAS server via truenas.dellus.com. When I try to log in the web interface at truenas.dellus.com, I get 503 Service Unavailable - No server is available to handle this request. I tried different browsers, all the same.
My pfsense router web interface is running on port 10443 as suggested.
I’m a bit at a loss. I deleted and recreated the HAProxy back end and front end, it didn’t help. I changed the DNS domain name of truenas to nas just for testing, and set up HAProxy accordingly, didn’t help either.
I have two local domains, .lan and .com. I can access truenas directly via truenas.dellus.lan, but I get the certificate error. This is the reason I want to use HAProxy on the .com domain. Maybe truenas needs to be told to serve web requests on the .com domain?