Truenas Internally Via Haproxy on Pfsense

I have successfully been using haproxy and a wildcard cert via acme to access some servers externally. The cert renewal is working great and is really handy.

I would like to use the same wildcard cert for truenas without ever having to manually import it to truenas. This works if I add truenas to haproxy…but I don’t want truenas available externally.

I have tried setting up another frontend in haproxy that just listens on the lan and a backend to it for truenas.

I added a host override in dns resolver pointing at the lan listening address on haproxy.

When I try to access it via truenas, I get prompted to self sign it and it says not secure.

I’m obviously missing something…any ideas?

I have a guide on HAProxy troubleshooting

Thanks Tom, I did watch that video when you released it, watching it again was a big help.


Hi,

Absolutely great forum, love it.

I have 15 servers behind HAProxy, all working fine as expected. I have 1 that doesn’t work. It is configured the same as the others, I just duplicated a working one and updated the values. This server is TrueNAS. No matter what I tried, it doesn’t work. It has a self-signed certificate.

I have 2 domains, .lan and .com. I use HAProxy for the .com domain. My DNS points all the .com addresses to my pfsense router where HAProxy is running. I followed the troubleshooting guide on the video with dig and openssl, no issues when testing my TrueNAS server via truenas.dellus.com. When I try to log in the web interface at truenas.dellus.com, I get 503 Service Unavailable - No server is available to handle this request. I tried different browsers, all the same.

My pfsense router web interface is running on port 10443 as suggested.

Is there a specific setup to TrueNAS and HAProxy?

I’ll appreciate help with this issue.

Thanks,

Laurent

Nothing special in my setup for TrueNAS

Here is the back end for mine:

| Mode | Name | Forwardto | Address | Port | Encrypt(SSL) | SSL Checks |
|---|---|---|---|---|---|---|
| active | TrueNAS | Address+Port: | 172.16.16.5 | 443 | yes | no |

I also have health checks disabled. When you can’t see what is missing I just delete and recreate the back end.
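
For reference, the LAN-only front end described in the first post together with the back end settings posted above, written as a plain haproxy.cfg fragment. This is an added example, not configuration taken from anyone in the thread or generated by the pfSense package; the bind address, certificate path, hostname and section names are placeholders, and `verify none` is an assumption based on TrueNAS presenting a self-signed certificate.

```haproxy
# Added example. Values marked PLACEHOLDER are assumptions, not from the thread.

frontend lan_https
    mode http
    # Bind only to the pfSense LAN address, never the WAN address, so this
    # front end cannot be reached from outside.
    # PLACEHOLDER: LAN address and path to the ACME wildcard certificate.
    bind 192.0.2.1:443 ssl crt /path/to/wildcard.pem

    # Route on the Host header. The DNS Resolver host override must point
    # this name at the bind address above, and the name must be covered by
    # the wildcard certificate or the browser will warn.
    # PLACEHOLDER: hostname.
    acl host_truenas hdr(host) -i truenas.example.com
    use_backend truenas_be if host_truenas

    # If no ACL matches and there is no default_backend, HAProxy answers
    # "503 Service Unavailable - No server is available to handle this request".

backend truenas_be
    mode http
    # "Encrypt(SSL) yes" -> the "ssl" keyword: HAProxy speaks HTTPS to TrueNAS.
    # "verify none" (assumption) skips validation of the self-signed
    # certificate on TrueNAS; the hop stays encrypted but is not
    # authenticated, so keep it on a trusted LAN segment.
    # No "check" keyword: health checks are disabled, as in the post above.
    server TrueNAS 172.16.16.5:443 ssl verify none
```

The same 503 is also returned when the back end is selected but its only server is marked down, which is why disabling health checks is a common first test.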

Thanks Tom, I’ll try to delete the back end and recreate it manually. I’ll let you know.

Laurent

Hi Tom,

I’m a bit at a loss. I deleted and recreated the HAProxy back end and front end, it didn’t help. I changed the DNS domain name of truenas to nas just for testing, and set up HAProxy accordingly, didn’t help either.

I have two local domains, .lan and .com. I can access truenas directly via truenas.dellus.lan, but I get the certificate error. This is the reason I want to use HAProxy on the .com domain. Maybe truenas needs to be told to serve web requests on the .com domain?

It’s no big deal but it does drive me crazy :slight_smile:

Cheers,

Laurent