Accessing OpenShift through a front end proxy

[cshabazian]

I have OpenShift running on a private 10.x network, and it works just fine trying to access it from another system on the same network. Now I want to expose it to public traffic through haproxy, but I can't seem to get it to work. I tried using the configuration for accessing CRC as found here: https://cloud.redhat.com/blog/accessing-codeready-containers-on-a-remote-server/ but that didn't get it done.

Here is my setup:
Single node Openshift on 10.x network
haproxy with a NIC on public network 23.x network and NIC on 10.x network
haproxy works just fine to other servers, all running in mode http

haproxy front/back ends:

frontend private
#_apps.example.com:6443
acl host_example.com:6443 hdr_dom(host) -i apps.example.com:6443
use_backend apps.example.com:6443 if host_apps.example.com:6443

frontend http
#_apps.example.com
acl host_example.com hdr_dom(host) -i apps.example.com
use_backend example.com if host_example.com

backend apps.example.com:6443
server example.com 10.x.x.x:6443 ssl check inter 1000 verify none

backend apps.example.com
server example.com 10.x.x.x:443 ssl check inter 1000 verify none

My traffic hits the haproxy and gets through to the OpenShift installation, but I get the following:

##############################################
Application is not available
The application is currently not serving requests at this endpoint. It may not have been started or is still starting.

Possible reasons you are seeing this page:

The host doesn't exist. Make sure the hostname was typed correctly and that a route matching this hostname exists.
The host exists, but doesn't have a matching path. Check if the URL path was typed correctly and that the route was created using the desired path.
Route and path matches, but all pods are down. Make sure that the resources exposed by this route (pods, services, deployment configs, etc) have at least one pod running.
##############################################

Advice? Direction? Help?

Is there a better way to do this? I have another public IP address I can use.

BTW, the entire setup is fronted by pfsense. I tried creating a NAT to the installation, but that didn't seem to work either.