1
General Discussion / Re: nginx config TLS error
« on: September 11, 2021, 12:08:38 pm »
Ok this worked after i set the upstream server port back to 443. Wow thank you!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
2
General Discussion / Re: nginx config TLS error
« on: September 11, 2021, 11:47:05 am »
Hi,
I took off this option. Still getting black opnsense request denied and the same error. Thank you for help its been a month of this jumping back and forth between ha proxy and nginx. cant find the issue.
I took off this option. Still getting black opnsense request denied and the same error. Thank you for help its been a month of this jumping back and forth between ha proxy and nginx. cant find the issue.
3
Web Proxy Filtering and Caching / Re: [TUTORIAL] Nginx as simple reverse proxy with web application firewall and SSL
« on: September 11, 2021, 05:16:41 am »reserved for Web application firewall configuration
bump
thanks for the guide
4
General Discussion / nginx config TLS error
« on: September 11, 2021, 04:00:25 am »
Hi
I amhaving trouble connecting to VM (running on esxi vmware). I get the following error in the logs:
i have installed nextcloud vm, without setting up local certbot, instead using tls cert using snake oil and have tried an openssl cert on the local VM, if i do http only, local vm and opnsense nginx then nextcloud appears to work to a degree, certs dont give errors but no tls i gues. The main cert is managed by lets encrypt on opensense. I have a fixed IP and a registered domain. I can load nextcloud and it appears to be fine except using it on WAN side breaks so im guessing the SSL is still not correct. Is there a way to connect the opnsense letencrypt cert to the VM?
I amhaving trouble connecting to VM (running on esxi vmware). I get the following error in the logs:
Code: [Select]
1 upstream SSL certificate verify error: (18:self signed certificate) while SSL handshaking to upstream, client: 192.168.1.11, server: cloud.ellsium.com, request: "GET / HTTP/2.0", upstream: "https://192.168.1.10:443/", host: "cloud.ellsium.com"i have installed nextcloud vm, without setting up local certbot, instead using tls cert using snake oil and have tried an openssl cert on the local VM, if i do http only, local vm and opnsense nginx then nextcloud appears to work to a degree, certs dont give errors but no tls i gues. The main cert is managed by lets encrypt on opensense. I have a fixed IP and a registered domain. I can load nextcloud and it appears to be fine except using it on WAN side breaks so im guessing the SSL is still not correct. Is there a way to connect the opnsense letencrypt cert to the VM?
5
General Discussion / Opnsense HAProxy lets encrypt setup with SSL docker containers
« on: August 15, 2021, 07:36:27 pm »
Hi,
Thanks to @TheHellsite for his HAproxy setup. My reverse proxy with letsencrypt is setup. This is a different approach to what i am used to. Normally the local system manages the certificate. So how do we handle SSL on traefik docker containers? EG. My nextcloud is running but cert is invalid. I guess the same applies to other docker-compose.yml setup where many containers use acme letsencrypt to get certs.
Thanks to @TheHellsite for his HAproxy setup. My reverse proxy with letsencrypt is setup. This is a different approach to what i am used to. Normally the local system manages the certificate. So how do we handle SSL on traefik docker containers? EG. My nextcloud is running but cert is invalid. I guess the same applies to other docker-compose.yml setup where many containers use acme letsencrypt to get certs.
6
General Discussion / Re: how to change nginx port
« on: August 10, 2021, 05:27:38 pm »
Hi me 
So far:
the dns-01 secret key. how is this obtained? Sign up to desec.io etc.
Also is it required for fixed ip? DNS challenge is required but dyndns (dynamic DNS) setup is not required on fixed IP.
So far:
the dns-01 secret key. how is this obtained? Sign up to desec.io etc.
Also is it required for fixed ip? DNS challenge is required but dyndns (dynamic DNS) setup is not required on fixed IP.
7
Tutorials and FAQs / Re: Tutorial 2021/08: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: August 10, 2021, 05:24:42 pm »
Hi,
So was setting up all night and all morning.
I skipped and removed dyndns plugin.
I completed the rest of the steps, except for the map as no subdomains setup yet.
I also didnt add a wild card for subdomains to the cert, when i did add it the cert failed. once removed the cert installed fine.
When i checked the local ip in browser, it works. When i type www.example.com it fails and cant ping address.
Had a hunt for what it could be, in the end decided to reboot opnsense and see if it shows errors.
Now rebooted HaProxy status is down and will not start.
I have looked in every log and there is only this:
2021-08-10T15:15:37 root[90544] /usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
2021-08-10T15:15:30 root[91171] /usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
2021-08-10T15:00:29 root[26043] /usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
2021-08-10T14:59:58 syslog-ng[29102] syslog-ng starting up; version='3.33.2'
2021-08-10T14:59:56 syslog-ng[70806] syslog-ng shutting down; version='3.33.2'
2021-08-10T14:59:55 root[49764] /usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
thinking to remove HAProxy and start again?
So was setting up all night and all morning.
I skipped and removed dyndns plugin.
I completed the rest of the steps, except for the map as no subdomains setup yet.
I also didnt add a wild card for subdomains to the cert, when i did add it the cert failed. once removed the cert installed fine.
When i checked the local ip in browser, it works. When i type www.example.com it fails and cant ping address.
Had a hunt for what it could be, in the end decided to reboot opnsense and see if it shows errors.
Now rebooted HaProxy status is down and will not start.
I have looked in every log and there is only this:
2021-08-10T15:15:37 root[90544] /usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
2021-08-10T15:15:30 root[91171] /usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
2021-08-10T15:00:29 root[26043] /usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
2021-08-10T14:59:58 syslog-ng[29102] syslog-ng starting up; version='3.33.2'
2021-08-10T14:59:56 syslog-ng[70806] syslog-ng shutting down; version='3.33.2'
2021-08-10T14:59:55 root[49764] /usr/local/etc/rc.d/haproxy: WARNING: failed to start haproxy
thinking to remove HAProxy and start again?
8
Tutorials and FAQs / Re: Tutorial 2021/08: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: August 09, 2021, 07:38:08 pm »
Is dynamic dns still needed for fixed IP. You did say start from part 2 step 3. This update URL makes me think?
9
Tutorials and FAQs / Re: Tutorial 2021/08: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: August 09, 2021, 07:10:56 pm »
Thank you,
name servers updated. I have added A and MX records (set MX prefence to "10", is that right?).
In the opnsense Dynamic DNS, stuck on update URL. just type update.example.com?
name servers updated. I have added A and MX records (set MX prefence to "10", is that right?).
In the opnsense Dynamic DNS, stuck on update URL. just type update.example.com?
10
Tutorials and FAQs / Re: Tutorial 2021/08: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: August 09, 2021, 06:45:54 pm »
Wow thank you
Yes IP is fixed 100%.
- What are your domains? .com and .co.uk eg. example.com is my primary one.
- What are your subdomains? cloud.example.com dev.example.com
- What is your domain hosting provider? 123reg.co.uk
Have got to step Part 2 step 7. setting up opnsense dynamic DNS. So far have followed all steps par i registered example.com and not "anything.dedyn.io".
So before continuing i will check 123reg.co.uk options
Yes IP is fixed 100%.
- What are your domains? .com and .co.uk eg. example.com is my primary one.
- What are your subdomains? cloud.example.com dev.example.com
- What is your domain hosting provider? 123reg.co.uk
Have got to step Part 2 step 7. setting up opnsense dynamic DNS. So far have followed all steps par i registered example.com and not "anything.dedyn.io".
So before continuing i will check 123reg.co.uk options
11
Tutorials and FAQs / Re: Tutorial 2021/08: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: August 09, 2021, 04:31:33 pm »
Hi
@TheHellsite Thank you so much for your time and knowledge
If you have a fixed IP, does the DynDNS Configuration step need to be done? if skipped is there other settings i should put in?
If it is a must when we signup, there are 2 options :
configure your own domain
or
register under dyn.io
i have my own domain names about 10. Do i add each one to there system to get certs then duplicate the process to reverse proxy and cert the other domains?
If you use your real domain eg. www.123.com Do i need to go to my current domain registrar and change name servers to point to desec??
Thank you for the help. just want to get these vms up so i can programme again
going to cry.
@TheHellsite Thank you so much for your time and knowledge
If you have a fixed IP, does the DynDNS Configuration step need to be done? if skipped is there other settings i should put in?
If it is a must when we signup, there are 2 options :
configure your own domain
or
register under dyn.io
i have my own domain names about 10. Do i add each one to there system to get certs then duplicate the process to reverse proxy and cert the other domains?
If you use your real domain eg. www.123.com Do i need to go to my current domain registrar and change name servers to point to desec??
Thank you for the help. just want to get these vms up so i can programme again
going to cry.
12
General Discussion / how to change nginx port
« on: August 08, 2021, 01:04:17 pm »
Hi
I have been following this tut. https://forum.opnsense.org/index.php?topic=19305.0
the dns-01 secret key. how is this obtained? Also is it required for fixed ip?
Can i leave it on http-01, and change nginx port? how would i change nginx port?
Thank you
I have been following this tut. https://forum.opnsense.org/index.php?topic=19305.0
the dns-01 secret key. how is this obtained? Also is it required for fixed ip?
Can i leave it on http-01, and change nginx port? how would i change nginx port?
Thank you
13
General Discussion / Re: Stuck on web server setup
« on: August 06, 2021, 05:17:44 pm »
Hi
Yes, so we have many domain names pointing at 1 fixed IP. Then into opnsense serving VMs in ESXI. so need to point to the ip address of the VM and add certs.
Yes, so we have many domain names pointing at 1 fixed IP. Then into opnsense serving VMs in ESXI. so need to point to the ip address of the VM and add certs.
14
General Discussion / Re: Stuck on web server setup
« on: August 06, 2021, 12:45:22 pm »
Hi
Yes not clear in my question here.
1. Just change the settings you suggested. Same error. I did notice i have FIREWALL>NAT>PORTFORWARD it as one entry saying "no redirect (green !)"
2. Use Haproxy or nginx on opensense
Thank you
Yes not clear in my question here.
1. Just change the settings you suggested. Same error. I did notice i have FIREWALL>NAT>PORTFORWARD it as one entry saying "no redirect (green !)"
2. Use Haproxy or nginx on opensense
Thank you
15
General Discussion / Stuck on web server setup
« on: August 06, 2021, 12:00:04 pm »
Hello
So i finally got opnsense up and running last week after nights of being stuck. meaning internet is passing through. Now i am trying to get the the webserver running.
Think im getting in a tangle. Im also getting this message for the main domain pointing at my ip:
"A potential DNS Rebind attack has been detected.
Try to access the router by IP address instead of by hostname."
I have made a VMs for my domains to be hosted and require reverse proxy as only have 1 ip. I installed the nginx plugin for opensense. Tried following online tuts to set it up. I then installed nginx in on the linux VM.
I only ever used apache with proxy and then nginx in docker. Now looks like i should use HaProxy in opnsense then nginx in the vm?
tried not to ask for hemp(sry ment help) but its been a week.
Thanks for any guidance
So i finally got opnsense up and running last week after nights of being stuck. meaning internet is passing through. Now i am trying to get the the webserver running.
Think im getting in a tangle. Im also getting this message for the main domain pointing at my ip:
"A potential DNS Rebind attack has been detected.
Try to access the router by IP address instead of by hostname."
I have made a VMs for my domains to be hosted and require reverse proxy as only have 1 ip. I installed the nginx plugin for opensense. Tried following online tuts to set it up. I then installed nginx in on the linux VM.
I only ever used apache with proxy and then nginx in docker. Now looks like i should use HaProxy in opnsense then nginx in the vm?
tried not to ask for hemp(sry ment help) but its been a week.
Thanks for any guidance
Pages: [1] 2