Sorry for bothering with another question. I had set a firewall rule RED > RED:443 so HAProxy is able to forward requests to DMZ server instances with SSL termination.
However, the Nextcloud self check failed until I defined a firewall rule like this: orange_dmzsrvr > RED:443. Then it worked; so it seems to me the LEMP server needs access to the RED:443 interface as well.
Thank you. A DMZ rule would be fine when forwarding via NAT. In this scenario I understood HAProxy running on IPFire takes over forwarding, so I need to declare INPUT rules rather than NATted FORWARDs.
The idea is based on this post:
I understand the idea to open ports on IPFire for HAProxy is not preferred that much as it may decrease security on it. However, on the other hand, doing this has also got its upsides