Thank you! I watched multiple other tutorials yesterday afternoon and spent all night reading different forums in an attempt to troubleshoot where I was going wrong. Those tutorials were leaving out critical steps, as well as providing incorrect information. I followed this video, as well as your tutorial for the pfSense ACME Let's Encrypt plugin, and it worked to perfection.
Thank you... very good. A hint to everyone one else following tutorial without background checking what things actually are.... Don't use "pfctl -d" if you connected with OpenVPN to the router, as this turns off the packet filtering and also NAT... ;-) (Anyway, it opened up the pfsense to be reachable from outside and I managed to login and reboot pfSense)
Thank you ! I've watched different videos, but yours is definitely the most simple how-to and the best explained without useless blahblah My different servers are now reachable
Great videos. Clear, concise and to the point. I'm trying to add one additional component to the setup. Was wondering if you could point me in the right direction. I use a Synology NAS to host a few web applications, ie. photos, note station, file station, etc. These are all accessible via subdirectories of the main site. How would I go about forwarding a subdomain to a subdirectory of that subdomain or another subdomain? Would I use frontend or backend and what would the ACL and action look like? Thanks so much.
Apologies that I cannot give you a direct answer, as I don't have this particular lab environment set up at the moment. However, it certainly can be done, as I recall having some RegEx based redirects for subdirectories, routing to totally different backend servers.
Certainly can do that with subdomains and hostname matching. For what you want to accomplish, would this be something like: website1.example.com website2.example.com or example.com/website1 example.com/website2 ?
Hi I want to make a rule or an condition to forward to port 443 to specific domain, but I have an issue because I want to forward without certification (cert) in the other local ip I have a valid cert but they both crashed. So I don’t find a way
Yep! HA Proxy is the service you’re looking for. Check out this quick guide I made for setting it up, including free auto-renewing Lets Encrypt SSL certificates! ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-KkRHqxbWvAM.html
instead of switching the port on the firewall you could setup an VIP (Firewall -> Virtual IPs) and then within the HAProxy bind to it. you wont setup rules that target the firewall. you could then just NAT 443 to the VIP
i am facing issue i want to use my domain without 'www' i tried but not resolved and shows (503 Service Unavailable No server is available to handle this request.) i need help in this with Haproxy and domain configuration, can u show me the video ref for redirecting non www to www once again thank you,
Sure! Do you mean Cloudflare as a secure and private DNS provider? If so, I’m referring to this video: ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE--uzNMospB5I.html
... know I'm asking allot, but do think this is very much in line with a good way to configure all and expose a HA deployment (which in my case is also used to arm/disarm my alarm system)
Hello sir, Lets say I have SOCKS5 Proxy from a third party, which incldes, IP, PORT, USERNAME AND PASSWORD. so, How to setup this socks5 with ha proxy? Is it possible? or if not, can you suggest me something else? thank you.
Great question! Typically socks5 proxy is for outbound web traffic originating from inside your network. HA Proxy is allowing you to serve up web services to the Internet, and should be fully separate from your socks5 proxy
I was flow all your video about pfsense. I have question please help me out. I have two vm, I want to ssh to this VM without using openVPN (it's mean I want to ssh via WAN IP, I want to connect ssh via haproxy). Can you please help me, because I was research all day but can not ssh :((
HAProxy wouldn't be needed, this is just proxying web traffic. You could set up a NAT to forward port 22/TCP to the server you want to SSH to. I recommend some security measures if you're going to expose SSH to the Internet (bots will start hammering it pretty quickly) * If at all possible, scope the allowed IPs to a particular public IP address (not always possible) * Ensure you have a strong password on all SSH-enabled accounts on the box you're exposing * Even better, enforce RSA key-pair authentication.
Follow-up for this is coming out Monday! It’s where my pfSense series and Docker container series cross over, as the example web server will be a containerized sample Wordpress + Database environment, behind HA Proxy... video releases at 6am Pacific time!
Sorry...but the http to https redirect rule doesn’t work...from my lan or my OpenVPN connection if I type ....I still get the internal http website version and not the https....