pfSense, HAProxy, and Coder.
Howdy all, I am interested in spinning up an instance of Coder on my on-premises server inside of my home network. I have a proxmox server running a VM that I was able to install PostgreSQL and Coder onto following the guide on your website; however, I am running into an issue with the ACCESS_URL parameter! Other parts of my internal infrastructure are exposed to the internet through pfSense via HAProxy. I have everything set up that I would need, including DNS records pointing at my custom URL. Where I am running into an issue is the relationship between the server and the reverse proxy.
The front end of my proxy is looking for the SNI https://code.example.com and forwarding it to the coder backend... Pinging/nslookup/regular-ole-internet can see my domain/subdomain, but that is where the success stops. Even with Coder set up as a service on my server, checking the logs to see that it started successfully and verifying that the config is configured to point at my externally accessible URL, I cannot get to the Web UI.
I have tried the following:
Making the reverse proxy backend point at ports 8080, 8888, 80, 443, and 3000.
Static routing arbitrary port jklm to point at port 3000, 80, 443 and pointing the reverse proxy at the pseudonym to bypass the "localhost" nonsense.
Including port numbers on the Access URL to avoid any weird firewalling nonsense.
The only thing I have yet to try is exposing my coder server to the internet directly and pointing the DNS A record at that because I don't hate my home infrastructure, haha.
What am I missing? Is this a limitation of my setup? Or am I just foolish?
Coder is installed on a Debian 11 VM on proxmox. I went with VM (as opposed to LXC) for cgroup reasons that I don't want to get into.
pfSense is installed on bare metal and is a completely standalone unit. HAProxy is installed via the pfSense package manager and is used as a proxy for much of my infrastructure.
Thank you all in advanced!
3 Replies
Just for funsies, to share an update, changing the Bind Address setting to the server's IP Address (as opposed to the loopback address) seems to be playing nice for now... This might not be the most sustainable way of doing it, but it's working for now.
Have you set some kind of DNS Entry in your local DNS resolver (probably PFsense?)? You still need your resolver to point your domain name to the server, or in your case to your reverse Proxy. Otherwise it won't know what to do with that domain name.
sorry for the late answer, can I mark this post as resolved ?