3. Struggling with pfSense and HAProxy

Struggling with pfSense and HAProxy

Hello!

Let me guess, you're running into 503 errors when you try to go to your site? If HAProxy's stats page gives you the green "OK" then it's not pfSense or HAProxy, it's your web servers.

Why?

I was having this exact same issue on my web servers. The culprit, from my understanding, is that you need to turn off SSL on your webservers but still allow port 80 and 443 traffic.

If you're using Nginx, unfortunately I don't have a solution to recommend other than disabling/uninstalling it and installing/running Apache.

If you're using Apache, then nano/vi websites config(/etc/apache2/sites-enabled/www.example.com.conf) and make sure "SSLengine Off" is listed under VirtualHost 443. Example;

<VirtualHost *:80>
     #Domain Name
     ServerName www.example.com
     ServerAlias www.example.com

     ProxyRequests off
     ProxyPass / http://127.0.0.1:2369/
     ProxyPassReverse / http:/127.0.0.1:2369/

</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias www.example.com

    SSLengine off

    ProxyPass / http://127.0.0.1:2369/
    ProxyPassReverse / http:/127.0.0.1:2369/
    ProxyPreserveHost   On

    RequestHeader set X-Forwarded-Proto "https"

</VirtualHost>

I was fighting this for probably a week pulling my hair out thinking it was pfSense, but I ended up testing this on my dokuwiki server first(turnkey template, uses apache) and it worked perfectly, but my Ghost server(turnkey, uses nginx) had to have Nginx blown out and apache used instead.

Let me know if you have any questions. I've been meaning to make a blog post about this, but haven't had the time....

/r/homelab Thread
Previous
Next

Recently removed from /r/homelab

Anyone make the switch from pfsence to opnsense recently? Routing a device through another device on the same LAN The Post Formerly Known as Anything Friday - March 2023 Edition "Homeserver" in Data Center due to high energy prices in Germany The Post Formerly Known as Anything Friday - January 2023 Edition Rack servers Setting up a home-from-home lab at a remote site with only a captive portal WiFi connection available (aspirational project!) GPU passthrough issues Cheapest way to connect to home network when I move? Looking for advice to start my home lab journey Newbie looking for advice on current situation Anyone built a server rack / cabinet out of wood? Picked this beast up for $40 last night, 2x Xeon 5670’s and 8gb ram that I upgraded to 24! I’m super excited to have it as my server! Proxmox CentOS 7 Container, Login? (Feel Dumb) Installed this for a client

More Random Comments

Question about genetic and temperamental disposition, establishing Alabai x Akita? Gaetz sought pardon related to Justice Department sex trafficking probe Greg Rutowski paints a portrait of Greg Rutowski. Greg Rutowski CMV: There should be far more social consequences for cheating Gordan Ramsey firing a waiter in his early career for drinking water in front of customers Beginners, FAQ & Quick questions [Megathread] - Day 1 | Corndog Edition [WTS] Apex FN509 ACRO plate and FN 509 Springer magazine extension (SC) Do you have a Poker Face ? AITA for sharing my son's teacher's Instagram account with the other parents? Virginia will block schools from accommodating transgender students When are you planning to tell your job? AITA? Potentially skipping wedding reception for other plans. My first poem was ignored, no comment no nothing, lets see how this one goes. Driver swore up and down they were fine yesterday