Messages - bucky2780

#1
this fixed unifi for me....
With unifi I was able to login... to the unifi os server... and then blank page. Scratched my head for days, until I came across this post.

thanks again....
#2
well... this helped me... thank you.

I wonder why this is even necessary ?  I installed ntopng on my trusted network, so activity between devices on the same sub net should not require specific rules...

hmmm
#3
General Discussion / Re: mDNS Repeater and firewall rules
February 25, 2025, 10:10:05 AM
yes, also interested in the response to this question... anyone ?
#4
I found an interim fix for this problem.
I set the opnsense caddy handler to use http 1.1 only. This seems to solve the issue.

Not sure I love it... but works for now.
#5
caddy can't start the opnsense web gui after upgrading to 24.7.12

Was working fine before the upgrade.

the handler is configured to do a tls skip verify... so not sure why it's stumbling over this...

edit: Interesting in that it seems to work ok from a "Private Window". Browser must be holding on to something ?


#6
Just wanted to give a big high five to the caddy team for integrating their solution neatly into opnSense.
I revisited caddy about a year ago... and settled on haProxy instead, since caddy implementation on opnsense was quite immature at the time. haProxy comes with some complexity and I reluctantly used it for the last 12 months.

What a difference a year makes....

I revisited caddy yesterday, and got my whole reverse proxy up in a couple of hours. Integration with core opnsense was much better than I first envisioned. I really like how caddy leverages the trust store in opnsense should you choose to go that way (I did).

I found the doco incredibly clear, concise and super relevant for what I was trying to achieve...

I can see that it is capable of doing way more than reverse proxying... and good to know. I may have some use for layer 4, or perhaps simple web hosting... in the future.

Chapeaux
#7
same thing happened to me.

I had previously installed the mimugmail tailscale pkg... and configured it.

I then installed tailscale plugin and System became unresponsive and dns started failing....

I uninstalled the plugin and returned to some normalcy... will try again later.

Are there any special install instructions for the plugin ? I suspect I should have uninstalled tailscale pkg before installing the plugin... am I wrong ?

#8
I have got this to work, and use this approach on an experimental basis only...
It's a bit weird running your router in a vm on proxmox... because the vm has to come up before your home network can get served with ip addresses. This is why bare metal is much easier to deal with for the noob. It is easier to have your network infrastructure run out of band from your trusted services.

I use a Lenovo 1 litre pc, with a 4 x port ethernet card in it... works fine.

For proxmox... you will really need 3 x nic's to keep things simple.
- Wan (connects to your router/modem for internet)
- LAN (serve your home with trusted network services and dhcp)
- Proxmox management port (part of your lan. this is where the proxmox UI is defined)

In prox, you can define Lan and Wan as bridged interfaces... which is the easier way to go... The other alternative is to do PCI passthrough of the nic's, so prox will use the hardware directly, without added software layer of a bridge. The latter is more performant, but not really a big issue at the 1Gbit interface level.

Stick with it... it's fun to do if you have the time...





#9
Thanks monviech...  I gave caddy another try... I currently run HAProxy, but don't really need load balancing for the home network, caddy is simpler.
My results were uneven... thus far. Here is what I did....
- Turned off ddns as relying on opnsense for that
- Gave the domain a custom cert located in the opnsense trust store.
- Gave the domain a custom port of 30000, as haproxy is currently binding to 443 and 80.
- With this approach, caddy does not terminate the connection. Seems to work however if I give it default 443

- Further to this... I disabled haproxy, and enabled caddy
- created a brand new domain and opnsense LE cert.
- bound caddy to 443 and seemed to work ok
- Home assistant loaded fine, the backend is unencrypted
- when backend was encrypted however, I checked the tls box for the backend, but alas failed to certify
  - this was the opnsense gui... which I put on a different port (41443)
  - Gui failed to load.
  - Similar approach seems to work in haproxy... where you check tls but don't bother to certify.

I will try again in a few days... to see if I can work around some of these things...
best regards,
#10
nice plugin... super simple !

Is it possible to defer certs to the opnsense trust store ? 
I already have LE generating certs there... and would like to use those, rather than have caddy own the process of creating/renewing the cert ?

------------ answer ------
I can see now, that you can select other cert if you use advanced option for the domain.
#11
my road warrior setup was not properly connecting, so I consulted latest release documentation to see if everything was setup properly.
The doco appears corrupted. The instructions point to items that do not exist, and has become very confusing.

Perhaps a close reading is needed to see if the document remains fit for purpose.
#12
I have this problem too... still wondering how to overcome this.
#13
23.7 Legacy Series / Re: htop installation fails
January 01, 2024, 03:10:21 AM
trying to install htop from mimugmail repo.... but it's not there.
Am I missing something ?
#14
General Discussion / forum search within a specific topic
December 19, 2023, 10:37:37 PM
Is this possible ?
I searched around and could not find anything.
I have a topic that is some 40 pages and would like to search through it...
the search feature on the forum does not seem to provide this...
anyone ?