I have recently just done this with a concatenated config to have some systems ssl terminated and others not. It works quite nicely except for the fact that I can’t get the client IP address to the ones I want ssl terminated. I can see the client IP hitting the TCP frontent in the PFsense HAProxy dashboard. I have tried to use send-proxy to the backend that loops bact to the 127.0.0.1 address and then all my sites break that are ssl terminated. Just not sure if I am attaching it to the right place or if I need to add accept-proxy to a front-end. I’m using the haproxy install in pfsense
Any help would be great
UPDATE:
All good. Looks like all I needed to do was add ‘accept-proxy’ to the Bind Pass thru on my shared frontend and also ‘send-proxy’ on my looped back port 8443 backend
I can now set ACL’s properly to limit access by IP
Figured it out from this Link