Running HAproxy on Proxmox

Question

I installed Proxmox and I want to make the 2nd scheme in the picture.

For this, I installed HAproxy (1.7.8) on Proxmox (5.4) and edited the HAproxy's config file. I get a 503 error when I try to access it with domains. What could be the reason for this?

If the second scheme is not possible, can I at least make the first scheme?

Answer 1

I would suggest running pfSense in a vm on proxmox. pfSense has an haproxy extension and supports high availability. Route all your traffic through the pfSense/haproxy. There's also a bunch of security benefits you get when you do it this way, such as firewall rule, NAT, certificate management, DHCP, etc...

https://www.pfsense.org

https://docs.netgate.com/pfsense/en/latest/packages/haproxy.html

You can download the pfSense iso at the following link.

https://atxfiles.netgate.com/mirror/downloads

Answer 2

No problem to use #2, Proxmox use only port 8006 and some SPICE port or something - 80 + 443 is free to use. I use nginx instead of haproxy inside proxmox in VM like other VMs and forward traffic from outside through firewall via proxmox into nginx VM and into each VM where real websites are running on port 80 (https letsencrypt certs are in nginx VM). If you setup NAT for 80,443 you can easily use and renew letsencrypt certs for every domain. You could have the same directly on proxmox server in haproxy/nginx.

Answer 3

I don't see any real reason why the second option is not a possibility. I will admit I'm running HAProxy on a different server to my Proxmox cluster but the idea is the same. Some things to look at to start with are:

• Do you see the traffic request coming into your HAProxy Frontend?
• Can you ping the IP Addresses of your VMs from the Proxmox node?
• Can you telnet to the port of the service of the VM from the Proxmox node?
• Do you have an IP in the same subnet as your VMs assigned directly to your Proxmox? Other than checking these I would need to see the network config and HAProxy config to be of anymore help.