pfSense and HAProxy — ACL for SNI host-name matching does not work

Photo by Compare Fibre / Unsplash

Piere Wöhl

Sep 19, 2021 — 1 min read

Hi i tried to publish the syncthing WebGUIs from my DMZ systems to my internaly accessible haproxy VIP on my pfSense firewall and couldn’t figure out WHY I can’t connect to the service, it seems to have error “503 Server not found” until I choose to use the default backend.

I was stuck for half an hour, this moment as I write this blog entry. I figured out:

HAProxy refers to the first match of the acl per IP in the frontends, NOT WITH THE PORTs in mind. I had to use a different ACL check that matches only this frontend I wanted.

Originally published at https://www.pierewoehl.de on September 18, 2021.

Microsoft Intune - Scoping Tags

Please note: This Video is in German This blog is about how to use the scoping feature in Microsoft Intune. It lets you separate administrative tasks for specific roles, groups, or teams. For example, imagine a group of people managing Microsoft Teams Rooms devices. You might want to give them

2FA for Ghost Admin Panel

Hi, I setup this blog yesterday with Ghost, you are using it right now. But I wanted to protect the Admin Panel with 2FA but Ghost does not support that. I thought how else could I do that! I use authentik to authenticate to almost any application I run in

Restoring your contacts from a broken Nextcloud instance

Hi,

S3 mit Hetzner StorageBox

Hi, ich bin gerade dabei mein Offsite backup vom S3 Storage Hoster Wasabi zu eine Hetzner StorageBox umzuziehen.

Read more

Microsoft Intune - Scoping Tags

2FA for Ghost Admin Panel

Restoring your contacts from a broken Nextcloud instance

S3 mit Hetzner StorageBox