MiAB with haproxy on pfsense

Hi!
So I have pfsense with my static IP and haproxy set up. Haproxy is working and serving out my websites. Now I want to install MiAB in a Proxmox VM on private IP 192.168.69.16. I did install it and configure it as expected. I don't have port 25 blocked by my ISP. I have port forwarded all ports for the mail server (25, 143, 993 …) but I can't forward ports 80 and 443 as haproxy is using them… so I need to proxy only the website (nginx) of MiAB (admin, webmail …); all other ports are open. Also, about certificates: I am using acme in pfsense to get Let's Encrypt. And for now I am stuck here. I can't get to the admin panel either from box.domain.com or the private IP. When I enter the private IP into the browser it gets auto-redirected to box.domain.com. In haproxy I just put 192.168.69.16 on port 443 and saved… and when I go there I get “too many redirects”. I have tried a lot of things and done a lot of Google searching and can't get it working. So if anyone could help, I will be happy.

1 Like

WARNING: I am a cheesemaker, not a system administrator, so no warranties, etc.
I attempted this using pfSense on a Proxmox server, but I did it with an nginx reverse proxy. I made it work with a couple of servers that were giving me that or something like that problem (sorry, it was a while ago now, and I don’t remember the details entirely, but I remember having something very similar). My recollection is that it was hard to get it to work both on LAN and WAN at the same time, because both servers required doing the SSL themselves. You cannot reverse proxy encrypted packets obviously, since the reverse proxy cannot read the headers and doesn’t know which server to pass them to. The solution for me was to run certbot on both the nginx reverse proxy server and the VM it was proxying to, and to slightly modify the nginx config after that was done. I don’t think I was ever able to make it so that VMs within the LAN were able to access the various webservers directly, because I always ran into issues with the certificates, but for me that isn’t a problem.

As above, I made it work with some of my VMs within a LAN behind pfSense, but full disclosure, I didn’t do this for the mail server, which I wanted to keep super simple, and I opted to use a second IP address for it, because it let me have a mail IP for reputational purposes that I might want to keep and move later, etc.

If you want to try to take a run at it with an nginx reverse proxy, this is adapted from my notes:

Get an nginx VM working (obviously you will need to port forward 80 and 443 to it within pfSense) and create a config file in sites-available

server {
    listen 80;

    server_name server.example;

    location / {
        proxy_pass http://192.168.1.*;
        include proxy_params;
    }
}

Change server name and ip as your case requires.

Enable it (create symlink in sites-enabled pointing to the config in sites-available) and restart nginx

Run certbot with the server’s domain on your nginx reverse proxy server

Reopen the config file (certbot will have added various things), and find the line with “proxy_pass http…” add an ‘s’ after the http so it becomes ‘https://’

Restart nginx

Then run certbot on your mail server (or whatever server you need to have https running on within your LAN).

1 Like
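The end state of the steps in the post above, with the hop from the proxy to the backend authenticated as well as encrypted, as an added example that is not part of the original post. Assumptions: a Debian/Ubuntu nginx layout (`proxy_params`, the system CA bundle path), certbot's default certificate paths for `server.example`, and `192.0.2.10` as a placeholder for the backend VM's address.

```nginx
# Added example; server.example and 192.0.2.10 are placeholders.
server {
    listen 443 ssl;
    server_name server.example;

    # Certificate obtained by certbot on the reverse proxy (default paths).
    ssl_certificate     /etc/letsencrypt/live/server.example/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/server.example/privkey.pem;

    location / {
        # The "add an s" step: talk TLS to the backend VM.
        proxy_pass https://192.0.2.10;

        # Debian/Ubuntu snippet: forwards Host, X-Real-IP,
        # X-Forwarded-For and X-Forwarded-Proto to the backend.
        include proxy_params;

        # By default nginx does not verify the upstream certificate
        # (proxy_ssl_verify off), so the hop is encrypted but any
        # host answering on that address would be accepted.
        proxy_ssl_server_name on;              # send SNI to the backend
        proxy_ssl_name        server.example;  # name sent and checked, since proxy_pass uses an IP
        proxy_ssl_verify      on;              # reject a backend cert that does not validate
        proxy_ssl_verify_depth 2;              # leave room for the intermediate CA
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;  # system CA bundle (assumed path)
    }
}
```

Turn `proxy_ssl_verify` on only after the backend holds a certificate valid for that name; until then nginx answers 502 for every proxied request.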

Sorry, one more thought. Now that I think about it, I was able to get VMs within the LAN working by adding each other to their respective /etc/hosts files.

1 Like

Okay, so I got it working somehow, but now I have a problem with login, and from a Google search I need to enable websockets on my haproxy in pfsense. I did not find any useful info on how to do it. I can log in to admin via the private IP normally, but when accessing from the FQDN I can't.
