PfSense: reverse proxy all the things. Part 3: Configure HA-Proxy for SSL traffic
In this part we configure HA-Proxy for SSL traffic
Other Parts in this series:
– PfSense: reverse proxy all the things. Part 1: OpenVPN on tcp port 443
– PfSense: reverse proxy all the things. Part 2: Install HA-Proxy and configure frontend and backend for OpenVPN
– PfSense: reverse proxy all the things. Part 4: Install AMCE for automatic SSL certificates
- PfSense: reverse proxy all the things. Part 5: Configure HA-Proxy for SSL-Offloading
Part 3: Configure HA-Proxy for SSL traffic
Configure backend for SSL traffic
we need a backend configured on the localhost to route the SSL traffic.
The name for my backend is '4-PublicSSL' running configure to send SSL request to '127.0.0.1:8444' that's where we configure on next configure our frontend
Configure frontend for SSL traffic
Now we're creating the new frontend to route SSL traffic based on access control list (acl)
External Address: localhost(IPv4) port: 8444
in my example there is a acl added to route all traffic from FQDN *.k3s.example.com to a certain backend
that means that any request that comes in for a subdomain of k3s.example.com will be routed to this backend.
feel free to start creating your own rules here to route pure ssl traffic to the backends
example backend for k3s.example.com
here's an example of how the 4-k3s-SSL backend is setup to route traffic to k3s.
Encrypt(SSL) and SSL checks should both be unchecked
In the Loadbalancing option you can configure load balancing.
Mine is usually set for 'Least connections'
If you need persistence you can configure sticky tables for that
that's it, SSL traffic can now nicely being routed to various backend based on what FQDN it has.