23.7 Legacy Series / NGINX + LetsEncrypt(ACME) Plugin help
« on: September 01, 2023, 08:08:47 pm »
So the gist of what I am trying to do is set up the OPNsense NGINX plugin as a reverse proxy so that I can forward all my subdomains to the correct IP/port, all over HTTPS.
I set up the ACME plugin and have that working fine with Let's Encrypt and Cloudflare.
I turned on the WAP stuff.
I set up an upstream server / upstream / location / HTTP server, and when I try to navigate to the subdomain I get this.
Upstream Server
Upstream
Location
- URL Pattern = /
- Enable Security Rules = Checked
- Upstream Servers = SeionServer NodeRed
- Force HTTPS = Checked
HTTP Server
- HTTP Listen Address = 80,[::]:80
- HTTPS Listen Address = 443,[::]:443
- Server Name = {MySubdomain.domain here}
- Locations = NodeRed Location (Location above)
- TLS Certificate = mysubdomain.doman (ACME Client)
- Client CA Certificate = R3 (ACME Client)
- HTTPS Only = Checked
Cloudflare has SSL Strict Mode on and Proxy "Cloud" off
I put the ACME Client cert and key on the upstream server and told Node-RED to use them also.
I need to know how to do this properly because I have a bunch of services running on the upstream server on different ports.
I had NGINX running on the upstream server just fine doing reverse proxy, so I am trying to transfer that config to the OPNsense NGINX proxy plugin.