Hello guys, i want to put multible domains behind one public ip, so i have to use a reverse proxy. I’m combining pfsense 2.4.4 with the HAproxy. 

Here’s what i’ve got:

  • WordPress Webserver, domain.ch
  • WordPress Webserver, otherdomain.ch
  • Nextcloud 14, sub.domain.ch

First, install the HAproxy package


Create the needed Firewall rules


Enable the HAproxy


Configure the stats port


Create your backends


Backend overview for wordpress webserver


Backend overview for nextcloud webserver
Change the timeout and health check method


Here is the frontend overview


Configure the external IP and port


Frontend type is http/https(offloading)


Create the frontend ACLs – type each domain


Create the frontend actions – Connect each ACL with the correct backend webserver


Control the stats – each server needs to be up


Heres the needed wordpress config


Hers the needed nextcloud config


visvic · 2. April 2019 at 23:11


Sorry for my bad english, i’m French.

Thanks a lot for tuto, but something hurts me :s, the interface of the router is totally naked on the internet.

When opening ports one is already vulnerable, but then with router interface, goodbye security.

do you have a solution to this?

thank you in advance friend, see you later

Octavio Rodriguez · 14. May 2019 at 18:03

Hi Tobias,

Thanks for your very nice write up about configuring HAProxy. I’ve a use case were a WebService is listening under http:/Interface/name/execute, is it possible to use HAProxy to redirect requests to name.ddns.net to be always redirect to this WebService?

So if my client performs a request to http://name.ddns.net that request should be passed to this web service on I’ve tried the following config:

Server List | Mode:Active, Name:BackendService, ForwardTo: Address+POrt, Address:, Port:80
ACL | Name: BackendACL, Expression: Host Matches, Value: name.ddns.net
Actions | Action: http-request set path | Params: fmt:/interface/name/execute | Condition: BackendACL

Listen Address: WAN Port: 80
ACL | Name: WebService, Expression: Host matches: name.ddns.net
Actions | Use Backend: BanendService
Default Backend: Backend Service

Any pointers will be greatly appreciated!


    Tobias Moor · 16. July 2019 at 16:15

    Hello Octavio, sorry for the late reply. I will have a look at your configuration at the weekend and will give you some feedback – if you still need it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notice: Undefined index: bootstrap in /var/www/wordpress/wp-content/themes/hestia/inc/core/class-hestia-public.php on line 878

Notice: Trying to get property 'src' of non-object in /var/www/wordpress/wp-content/themes/hestia/inc/core/class-hestia-public.php on line 878