Messages

Next go to: Services --> ACME Client --> Certificates

Great Tutorial, thank you very much!
FYI: Lets Encrypt ended the support for OCSP and cert requests containing "ocsp must staple" fail, see: https://letsencrypt.org/2024/12/05/ending-ocsp/
I had to recreate the cert without ocsp must staple but still have A+ Rating.

But you might be able to pull some tricks with inbound NAT port forwarding etc.

In case someone wonders: it works pretty well with selfsigned cert for internal traffic and forwarded the needed ports to jitsi.

Is it possible to use haproxy if the opnsense is behind or after a fritzbox router ? I have tried a setup but without success

Yes its possible and fairly common. Just setup the opnsense in the fritzbox as exposed host.

I would seriously consider Caddy for Jitsi, because it does all the websocket upgrade magic automatically.

Thanks for the answer! I didnt use caddy so far and would like to add it to the existing haproxy configuration without any other certificates etc. Its just for small (mainly 1:1) meetings. If its with a few additional conditions/rules in haproxy possible, I would prefer that but otherwise I will have a look at caddy.

Hi all,
did someone get a jitsi instance behind this setup working?

Moin Frank,

hast du es getestet? Ich habe mein OPNsense mit einem SFP+ NIC aufgerüstet und fände diese Möglichkeit auch sehr elegant.
Der Link zu dem SFP-Modul ist nicht mehr aktuell.

Beste Grüße

Thanks for the tutorial! Its working great so far! I have one question: in my ACME Client log it says after renewal: php[2613]   AcmeClient: automation not supported: restart_haproxy
Is this just me or maybe because i didnt check HA-Proxy Integration?

Edit: never mind, worked perfectly the next renewal.