pfSense - HAproxy Load Balancing

Discussion in 'Software Stuff' started by Jeggs101, Nov 9, 2015.

  1. Jeggs101

    Jeggs101 Well-Known Member

    Joined:
    Dec 29, 2010
    Messages:
    1,466
    Likes Received:
    218
    I've been doing my best with Google for about 4 hours now and life just sucks trying to do this.

    We have a public facing HTTP only website (Jekyll) so it is very fast and relatively secure (just serving static HTML files.) This is really a test and I want to do SSL offload on pfSense HAProxy but for now I just want pfSense working.

    The nice thing is that with no DB back-end doing HA is ridiculously easy. Make VM1 and VM2. Edit files on VM1 and have a rsync job to VM2. Crazy how cool it is.

    Here's where I'm beyond struggling.

    We have a public /25 that is being routed through a /30.

    Here is the test information:
    • Upstream gateway: 1.1.1.2
    • pfSense WAN IP: 1.1.1.3
    • WAN IPs being routed: 2.1.1.1/25
    • VM1 (internal IP): 10.0.0.2
    • VM2 (internal IP): 10.0.0.3
    • Trying to setup HAproxy on the WAN IP: 2.1.1.2

    If I were doing this using a VM like I usually do I'd 1:1 NAT the 2.1.1.2 to say 10.0.0.4. I'd create a port 80 front end and a backend going to 10.0.0.2 and 10.0.0.3. Really easy and this works no problem.

    So I've been reading everything and here is what I did:

    Step 1: Go to Firewall: Virtual IPs and on the Virtual IPs tab:
    Type: IP Alias
    Interface: WAN
    IP Addresses: Type-> Single address, Address -> 2.1.1.2/32

    Step 2: Go to Services HAProxy -> Frontend and make a listener
    Status: Active
    External address: Use Custom Address: 2.1.1.2 80
    Backend pool: VMPool1
    Type: HTTP/ HTTPS

    Step 3: Go to Services HAProxy -> Backend and make a listener
    Name: VMPool1
    Serverlist: Mode-> Active, Name JekyllHA, Forwardto Address+Port, Address 10.0.0.2, Port 80, Weight 1
    Mode-> Active, Name JekyllHA, Forwardto Address+Port, Address 10.0.0.3, Port 80, Weight 1

    Balance: Round robin

    Step 4: Go to Services HAProxy -> Settings
    Enable HAProxy checked

    This should be like the most basic config but when I go to http://2.1.1.2 I am getting the pfSense WebGUI.

    Any idea how to fix this???? I'm lost.
     
    #1
    Last edited: Nov 9, 2015
  2. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
    I would first take a step back and go get a drink or something. Whenever I troubleshoot pfSense I sometimes need to do the same.

    Here is my question: are your health checks working or are they failing? I am not 100% sure how to see this other than enabling the stats page. If they are failing, maybe try a different health check method.

    I will try to do something with this over the next week or so. Let me know what you find. I did look and the guides for something like this are sparse and old.
     
    #2
  3. j_h_o

    j_h_o Active Member

    Joined:
    Apr 21, 2015
    Messages:
    379
    Likes Received:
    76
    What ports are your pfSense admin UI running on? What happens when you move them to 444/81, then restart the HAProxy?
     
    #3
    Last edited: Nov 9, 2015
  4. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
    Hey @Jeggs101 I have wanted to do another pfSense article for some time. I will get something on the main site tomorrow.
     
    #4
  5. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
    Would this work for you? I am building it right now.
    upload_2015-11-9_20-14-22.png
     
    #5
  6. Jeggs101

    Jeggs101 Well-Known Member

    Joined:
    Dec 29, 2010
    Messages:
    1,466
    Likes Received:
    218
    Yes thanks. Maybe with IPs?
     
    #6
  7. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
    I fixed a few issues with that picture and added IPs in the version for tomorrow morning.

    I am falling asleep though!
     
    #7
  8. Patrick

    Patrick Administrator
    Staff Member

    Joined:
    Dec 21, 2010
    Messages:
    11,612
    Likes Received:
    4,565
Similar Threads: pfSense HAproxy
Forum Title Date
Software Stuff A silly Question, is there a better alternative to pfsense for home use? Dec 13, 2017
Software Stuff pfSense 2.5 - Hardware Requirements May 1, 2017
Software Stuff Project Proposal: ELK Stack for Monitoring Proxmox, pfSense, FreeNAS Apr 26, 2017
Software Stuff Suggestion pfsense virtualization or not? Apr 21, 2017
Software Stuff pfSense behind another router? May 15, 2016

Share This Page