Topic: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS (Read 5523 times)
Monviech, Reply #15 on: March 29, 2024, 06:12:19 am
Glad you could find the option you need. I think the ACME Plugin and Caddy can run at the same time and issue certificates too. I don't think there are regressions, but I don't know.
It's interesting to use the built-in certificate generation of Caddy because it also does automatic OCSP stapling.
Also, make sure you create an automation that restarts Caddy when the Let's Encrypt certificates are renewed by the ACME Plugin if you continue using it. Otherwise the certs won't be reloaded if they're reissued.
I'll check if I can create a pull request to add that as automation like nginx and haproxy.
EDIT: https://github.com/opnsense/plugins/pull/3877
Last Edit: March 29, 2024, 10:19:38 am by Monviech
Reverse Proxy with automatic HTTPS and Dynamic Dns: os-caddy, Tutorial, Docs
Hardware: DEC740
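Added example, not part of the original post or of the os-caddy plugin: a check for the failure mode described in Reply #15, where the ACME plugin renews a certificate but the proxy keeps serving the old one until it is restarted. It compares the leaf in the renewed PEM file with the certificate presented on the wire; the function names and the sample PEM data are constructed for illustration.

```python
import hashlib
import re
import ssl

# First PEM block in a file; in an ACME fullchain this is the leaf certificate.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S
)


def leaf_fingerprint(pem_text: str) -> str:
    """SHA-256 fingerprint of the first certificate found in pem_text."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()


def served_certificate(host: str, port: int = 443) -> str:
    """Fetch the certificate the proxy presents right now (needs network)."""
    return ssl.get_server_certificate((host, port))


def is_stale(disk_pem: str, served_pem: str) -> bool:
    """True when the proxy serves a different leaf than the renewed file."""
    return leaf_fingerprint(disk_pem) != leaf_fingerprint(served_pem)


# Constructed sample data: placeholder bytes wrapped as PEM, not real certificates.
OLD_LEAF = ssl.DER_cert_to_PEM_cert(b"constructed leaf before renewal")
NEW_LEAF = ssl.DER_cert_to_PEM_cert(b"constructed leaf after renewal")
INTERMEDIATE = ssl.DER_cert_to_PEM_cert(b"constructed intermediate")
RENEWED_FULLCHAIN = NEW_LEAF + INTERMEDIATE  # what the renewal wrote to disk

if __name__ == "__main__":
    # Proxy was never restarted: it still presents the pre-renewal leaf.
    print("stale before restart:", is_stale(RENEWED_FULLCHAIN, OLD_LEAF))
    # After the restart automation ran, served and on-disk leaf match.
    print("stale after restart: ", is_stale(RENEWED_FULLCHAIN, NEW_LEAF))
```

In real use, read the renewed certificate file from disk and pass the result of `served_certificate()` for your own domain as the second argument to `is_stale()`.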
bucky2780, Reply #16 on: March 30, 2024, 04:59:16 am
Thanks monviech... I gave caddy another try... I currently run HAProxy, but don't really need load balancing for the home network, caddy is simpler.
My results were uneven... thus far. Here is what I did....
- Turned off ddns as relying on opnsense for that
- Gave the domain a custom cert located in the opnsense trust store.
- Gave the domain a custom port of 30000, as haproxy is currently binding to 443 and 80.
- With this approach, caddy does not terminate the connection. Seems to work however if I give it default 443
- Further to this... I disabled haproxy, and enabled caddy
- created a brand new domain and opnsense LE cert.
- bound caddy to 443 and seemed to work ok
- Home assistant loaded fine, the backend is unencrypted
- when backend was encrypted however, I checked the tls box for the backend, but alas failed to certify
- this was the opnsense gui... which I put on a different port (41443)
- Gui failed to load.
- Similar approach seems to work in haproxy... where you check tls but don't bother to certify.
I will try again in a few days... to see if I can work around some of these things...
best regards,
Monviech, Reply #17 on: March 30, 2024, 06:20:19 am
Caddy has port 80 and 443 as a requirement for itself. Running it at the same time as other services that use them is not supported.
When using the built-in certificate generation, any port on the domain works, even ports like 30000 etc. I know that because a small project uses this plugin where they have the same domain from 30000 to 30050 listening on the front end, reverse proxying each port to a different handler. (Reverse proxying a lot of Stable Diffusion instances for the API.)
For the "check a box that just skips TLS verification" there is a new feature coming in the next version that allows that.
Otherwise the docs have examples of how it works with the OPNsense GUI right now.
Thanks for trying the plugin. ^^
Last Edit: March 30, 2024, 06:24:52 am by Monviech
pieter123, Reply #18 on: March 31, 2024, 05:55:34 pm
Hi,
I would like to install this plug in but can't find it in the Plugins list under firmware.
OPNsense version 24.1.b_130
Any suggestions?
Thanks!
Patrick M. Hausen, Reply #19 on: March 31, 2024, 06:17:59 pm
It's in 24.1.4
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
pieter123, Reply #20 on: March 31, 2024, 08:16:59 pm
Quote from: Patrick M. Hausen on March 31, 2024, 06:17:59 pm
It's in 24.1.4
Got it, thanks!
thg0432, Reply #21 on: May 04, 2024, 05:21:33 pm
Has anyone had issues with Google Home devices (not the routers but the hubs or other display devices) losing functionality after implementing Caddy directly on the firewall? I previously had nginx proxy manager and currently used zoraxy. Both of which I had a NAT rule set up and everything works fine. I'd like to use Caddy and have everything set up directly on the firewall but that's a deal breaker. I set up the WAN/LAN rules and removed the NAT as noted in the guide. Everything works great with the exception of it breaking functionality of those devices.
Monviech, Reply #22 on: May 04, 2024, 08:12:02 pm
I'm using Google Home Minis and also Chromecasts. I didn't experience any breakage in functionality after implementing Caddy on my firewall.
I can't imagine what the problem should be, maybe a configuration problem of the Firewall or NAT rules.
Please check in the firewall live log what happens when you voice command your Google devices. Check if DNS fails (most probable cause), or packets get blocked.
thg0432, Reply #23 on: May 04, 2024, 08:28:52 pm
That's the thing... It won't even load... it appears to be a DNS issue. Because it can't contact Google, it just hangs on either the loading screen or it displays the clock but the clock never updates because it can't contact Google. My TVs which have Google built in work fine, but just an older Lenovo Google display device craps the bed whenever I've tried.
Monviech, Reply #24 on: May 04, 2024, 09:12:35 pm
There's probably not much I can do about that without being able to know what exactly is going wrong, and how to reproduce it.
It's highly unlikely it has to do with running Caddy. It's more likely to be a firewall configuration issue.
thg0432, Reply #25 on: May 05, 2024, 02:55:39 am
I tend to agree. Just wanted to ask in case you'd heard anything like that before. I appreciate it.