HA behind pfSense with Cloudflare

Just following some Reddit threads that all seem to be pointing to web sockets, which seem to be handled by HAProxy differently.

G

Also found this one on GitHub, which seems to point to web sockets.

Although, as said, I can access it through the browser; the only problem now is the mobile app not working.

G

The mobile app, in the connection configuration screen, actually says the web socket is not working.

G

George, you receive an “invalid certificate” error message.
What in the name of god would make you think the problem is not a certificate one…

Because the mobile app is telling me the web socket is failing,
and the fact that from the same mobile device accessing the URL through Safari works,
and the fact that accessing the URL from Safari and Firefox on other devices works.

G

It may be obvious, but are you clearing the storage of the mobile app after making each of these changes?

Clearing storage on the mobile app, how would I do that?
What I have done is totally close the app.

G

I don’t have an iOS device. A long press on the icon brings me to Android’s settings for the app; from there I can clear the storage.

Nothing like that in iOS; the closest is a hard close of the app.

G

That’s strange, there must be a way to flush the data out of the app. Not even an option to clear the cache? Maybe delete and reinstall. The app has a tendency of holding settings.

I’ve deleted the app and reinstalled; it did not change.
Also note I have the same problem on other iOS devices, even one that was not previously used.

G

What does it say in the phone app logs, under app settings?

Tried a different reset,
again got: URLSessionTask failed with error. The certificate for this server is invalid…

G

Try forcing a refresh of your certificate, to be sure it’s no longer cross-signed with the one that expired on Sep 30th.

The certificate was issued by me on Friday.
G

Aren’t you making things more difficult than they are?

ISP->Modem->pfsense->ha

and use your domain name in pfsense

then in iOS


local: https://my.domain.url:8123
external: https://my.domain.url

I never really understood why I would need a reverse proxy (except for blocking improper pages for my younger kids :thinking:)

What I did here with my router would also work on your pfSense.

The certificate enabling etc. is all done in HAProxy.
HAProxy is also doing the mapping of front end to back end.

At the moment I’ve disabled the reverse proxy by Cloudflare.

So it is pretty much ISP → Modem → pfSense (with HAProxy doing Let’s Encrypt).

The reverse proxy actually does a lot more than that, it hides your IP. Go and do an nslookup of your domain with and without the reverse proxy enabled: with it enabled it will resolve to your IP, with it it does not.

Will have a look at the above, what you did.
(I really don’t want to use DuckDNS or DynuDNS)

G

I don’t use DuckDNS, I use my own domain on HA.

When I started I did have a small challenge generating my certificate, which I solved by running a daily check with certbot and copying it to HA using Samba when a new certificate was generated :wink:

You might want to check my earlier posts regarding this topic… I already tried to explain many times.

I used to use DuckDNS until they became too unreliable, and then moved over to DuckDNS a couple of weeks ago, as I did not have a static domain,

but when all this started I bought myself a static domain, so I want to implement it using that.

Really keen on the entire idea of a reverse proxy… if I can.

Happy to leave DNS with Cloudflare.

I created, via the ACME process, a Let’s Encrypt cert with only ha.“my domain”.com and then a 2nd cert that contains three subdomains.

Other bits of IT are my strong point; cert issues/uses are not, but I do live in a world where I am well aware of the risk.
Thinking I need to relook at how I do this… As mentioned, I got it all working, except for the iOS mobile app, which comes up with an invalid cert; there is something about this that the iOS app does not like. The error message under “app configuration/Site name/WebSocket” says Disconnected.

I’d go as far as offering a Zoom/Teams session if you’re willing.
G
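For the two HAProxy points raised in this thread, the WebSocket upgrade that the mobile app reports as Disconnected and the certificate chain HAProxy serves, here is an added example haproxy.cfg fragment. It is not from any post in the thread and not the config the pfSense HAProxy package generates; the hostname ha.example.com, the Home Assistant backend 192.168.1.50:8123 and the proxy's LAN address 192.168.1.1 are assumptions.

```haproxy
# Added example (raw HAProxy syntax, not pfSense's generated config).
# Assumed names: ha.example.com, HA at 192.168.1.50:8123, proxy at 192.168.1.1.

global
    # Refuse TLS 1.0/1.1; current iOS and browsers negotiate TLS 1.2+ anyway.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    # Pass the real client address to HA in X-Forwarded-For.
    option forwardfor
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    # After a successful WebSocket upgrade the connection is governed by
    # "timeout tunnel", not the 30s client/server timeouts above. Without it
    # an idle HA WebSocket is closed by the proxy and the app shows Disconnected.
    timeout tunnel  1h

frontend ha_http
    bind :80
    http-request redirect scheme https code 301

frontend ha_https
    # The PEM given to "crt" must hold the leaf certificate, every intermediate
    # (for Let's Encrypt, the R3 intermediate) and the private key. If only the
    # leaf is served, desktop browsers may still validate by fetching the
    # intermediate themselves while a mobile client reports an invalid cert.
    bind :443 ssl crt /etc/haproxy/certs/ha.example.com.pem
    http-request set-header X-Forwarded-Proto https

    acl host_ha hdr(host) -i ha.example.com
    # HAProxy forwards the Upgrade/Connection headers unchanged, so the
    # /api/websocket upgrade needs no special rule; the ACL is here only so
    # the WebSocket traffic can be seen and logged separately if required.
    acl is_websocket hdr(Upgrade) -i websocket
    use_backend ha_backend if host_ha

backend ha_backend
    # On the Home Assistant side, configuration.yaml must trust the proxy:
    #   http:
    #     use_x_forwarded_for: true
    #     trusted_proxies:
    #       - 192.168.1.1
    # Otherwise HA rejects requests that carry X-Forwarded-For with HTTP 400.
    server ha1 192.168.1.50:8123 check
```

To confirm what the proxy is actually presenting, run `openssl s_client -connect ha.example.com:443 -servername ha.example.com -showcerts` from outside the LAN and check that more than one certificate is printed and that the chain does not end in the DST Root CA X3 cross-sign that expired on Sep 30th; a chain that verifies in a desktop browser but shows only the leaf here is the usual cause of a mobile-only "certificate invalid" error.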

My steps: