Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - otherego

Pages: [1]

General Discussion / Re: UDP Broadcast Relay

« on: August 26, 2023, 07:29:13 pm »

post deleted

23.1 Legacy Series / vlan dhcp failed

« on: June 12, 2023, 11:20:29 am »

I have some servers running in a Truenas jail, configured as vlan10. also my cisco 9200 series switch is configured and all was working nicely till some days ago. Now my servers randomly are getting a dhcp address from my lan instead of vlan one, randomly and my configuration was not changed...

23.1 Legacy Series / Modem + ISP Router + OPNSense Configuration suggestions (edited)

« on: April 17, 2023, 08:44:31 am »

Hello,
i'm using opnsense behind a 7530 Fritzbox router that is connect to ZTE moden by pppoe.
my actual provider (aruba italy) gives me static ipv4 and ipv6 addresses.
What is best configuration for opnsense, i have any trouble with ipv4, but i was wondering what is best configuration for ipv6 part.
Also i would like to know if actual configuration is correct by placing opnsense behind the router or if is better to put in front of it

Thanks

General Discussion / Re: Configuration for the Italian "Sky Wifi" provider

« on: April 03, 2023, 10:04:41 pm »

I'm using SKY and i've got it woking by using opnsense

Tutorials and FAQs / Re: Tutorial 2023/03: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: March 29, 2023, 01:11:23 pm »

Quote from: TheHellSite on March 22, 2023, 09:33:32 am

Quote from: otherego on March 20, 2023, 08:18:58 pm
Thank you fir this nice guide i followed to replace nginx reverse proxy. i left my
nexcloud server untouched.
After following the guide, i've got "too many redirects" error.
i've looking around for a possible solution... but i don't understand what is wrong
i'm using cloudflare and this it's apache configuration

Code: [Select]
<VirtualHost *:80> DocumentRoot "/usr/local/www/nextcloud" ServerName nextcloud.mysite.com <FilesMatch \.php$> SetHandler "proxy:fcgi://127.0.0.1:9000/" </FilesMatch> DirectoryIndex /index.php index.php </VirtualHost>
config.php

Code: [Select]
{ "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "10.0.0.48", "nextcloud.mysite.com" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "25.0.4.1", "overwrite.cli.url": "https:\/\/nextcloud.mysite.com", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "mysql.utf8mb4": true, "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "trusted_proxies": "***REMOVED SENSITIVE VALUE***", "overwritehost": "nextcloud.mysite.com", "overwriteprotocol": "https", "overwritecondaddr": "^10\\.0\\.0\\.1$", "redis": { "host": "***REMOVED SENSITIVE VALUE***", "port": 0 }, "memcache.local": "\\OC\\Memcache\\APCu", "memcache.locking": "\\OC\\Memcache\\Redis", "maintenance": false, "theme": "", "loglevel": 2, "updater.release.channel": "stable", "default_phone_region": "IT", "app_install_overwrite": [], "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory", "twofactor_enforced": "true", "twofactor_enforced_groups": [ "admin" ], "twofactor_enforced_excluded_groups": [], "data-fingerprint": "d1c023081e0c9b662bc8049cf295c443" } }
haproxy.conf

Code: [Select]
global uid 80 gid 80 chroot /var/haproxy daemon stats socket /var/run/haproxy.socket group proxy mode 775 level admin nbthread 4 hard-stop-after 60s no strict-limits maxconn 10000 tune.ssl.default-dh-param 4096 spread-checks 2 tune.bufsize 16384 tune.lua.maxmem 0 log /var/run/log local0 info lua-prepend-path /tmp/haproxy/lua/?.lua defaults log global option redispatch -1 maxconn 5000 timeout client 30s timeout connect 30s timeout server 30s retries 3 default-server init-addr last,libc default-server maxconn 5000 # autogenerated entries for ACLs # autogenerated entries for config in backends/frontends # autogenerated entries for stats # Frontend: 0_SNI_frontend (listening on 0.0.0.0:80. 0.0.0.0:443) frontend 0_SNI_frontend bind 0.0.0.0:443 name 0.0.0.0:443 bind 0.0.0.0:80 name 0.0.0.0:80 mode tcp default_backend SSL_backend # logging options # Frontend: 1_HTTP_frontend (Listening on 127.4.4.3:80) frontend 1_HTTP_frontend bind 127.4.4.3:80 name 127.4.4.3:80 accept-proxy mode http option http-keep-alive option forwardfor # logging options # ACL: NoSSL_condition acl acl_64188d5dce2390.01132494 ssl_fc # ACTION: HTTPtoHTTPS_rule http-request redirect scheme https code 301 if !acl_64188d5dce2390.01132494 # Frontend: 1_HTTPS_frontend (Lisening on 127.4.4.3:443) frontend 1_HTTPS_frontend http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" bind 127.4.4.3:443 name 127.4.4.3:443 accept-proxy ssl curves secp384r1 no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/64189270e357f4.63771565.certlist mode http option http-keep-alive option forwardfor timeout client 15m # logging options # ACTION: PUBLIC_SUBDOMAINS_rule # NOTE: actions with no ACLs/conditions will always match use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/64188dd26c8986.37023969.txt)] # Backend: SSL_backend () backend SSL_backend # health checking is DISABLED mode tcp balance source # stickiness stick-table type ip size 50k expire 30m stick on src server SSL_server 127.4.4.3 send-proxy-v2 check-send-proxy # Backend: Nextcloud_backend () backend Nextcloud_backend # health checking is DISABLED mode http balance source # stickiness stick-table type ip size 50k expire 30m stick on src http-reuse safe server Nextcloud_server 10.0.0.48:80 ssl verify none

Your nextcloud server is misconfigured in haproxy, I highly doubt your nextcloud needs SSL ticked. But this might not be the only issue and I won't give support for services I am not using.

after some investigations i realized (by using s simple apache server behind haproxy) that is not nextcloud that gives too many redirects error but the trouble is coming because i'm using cloudflare as dns, by switching ssl to Full (strict) instead of Flexible.

Tutorials and FAQs / Re: Tutorial 2023/03: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: March 23, 2023, 10:10:12 pm »

i removed
"overwrite.cli.url"
"overwritehost"
"overwriteprotocol"
"overwritecondaddr"
from my php.conf, but i still have same result

Tutorials and FAQs / Re: Tutorial 2023/03: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: March 22, 2023, 08:26:40 pm »

thank you btw i've tried to remove SSL ticket too.. but unfortunately error still there..
i have no clue where i can get some help. things are mixing so need to be adviced for nextcloud, for haproxy and how to implement into opnsense...

Tutorials and FAQs / Re: Tutorial 2023/03: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

« on: March 20, 2023, 08:18:58 pm »

Thank you fir this nice guide i followed to replace nginx reverse proxy. i left my
nexcloud server untouched.
After following the guide, i've got "too many redirects" error.
i've looking around for a possible solution... but i don't understand what is wrong
i'm using cloudflare and this it's apache configuration

Code: [Select]

<VirtualHost *:80>
    DocumentRoot "/usr/local/www/nextcloud"
    ServerName nextcloud.mysite.com
<FilesMatch \.php$>
        SetHandler "proxy:fcgi://127.0.0.1:9000/"
    </FilesMatch>
    DirectoryIndex /index.php index.php
</VirtualHost>

config.php

Code: [Select]


{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "10.0.0.48",
            "nextcloud.mysite.com"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "25.0.4.1",
        "overwrite.cli.url": "https:\/\/nextcloud.mysite.com",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "trusted_proxies": "***REMOVED SENSITIVE VALUE***",
        "overwritehost": "nextcloud.mysite.com",
        "overwriteprotocol": "https",
        "overwritecondaddr": "^10\\.0\\.0\\.1$",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 0
        },
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "maintenance": false,
        "theme": "",
        "loglevel": 2,
        "updater.release.channel": "stable",
        "default_phone_region": "IT",
        "app_install_overwrite": [],
        "ldapProviderFactory": "OCA\\User_LDAP\\LDAPProviderFactory",
        "twofactor_enforced": "true",
        "twofactor_enforced_groups": [
            "admin"
        ],
        "twofactor_enforced_excluded_groups": [],
        "data-fingerprint": "d1c023081e0c9b662bc8049cf295c443"
    }
}

haproxy.conf

Code: [Select]


global
    uid                         80
    gid                         80
    chroot                      /var/haproxy
    daemon
    stats                       socket /var/run/haproxy.socket group proxy mode 775 level admin
    nbthread                    4
    hard-stop-after             60s
    no strict-limits
    maxconn                     10000
    tune.ssl.default-dh-param   4096
    spread-checks               2
    tune.bufsize                16384
    tune.lua.maxmem             0
    log                         /var/run/log local0 info
    lua-prepend-path            /tmp/haproxy/lua/?.lua

defaults
    log     global
    option redispatch -1
    maxconn 5000
    timeout client 30s
    timeout connect 30s
    timeout server 30s
    retries 3
    default-server init-addr last,libc
    default-server maxconn 5000

# autogenerated entries for ACLs


# autogenerated entries for config in backends/frontends

# autogenerated entries for stats




# Frontend: 0_SNI_frontend (listening on 0.0.0.0:80. 0.0.0.0:443)
frontend 0_SNI_frontend
    bind 0.0.0.0:443 name 0.0.0.0:443 
    bind 0.0.0.0:80 name 0.0.0.0:80 
    mode tcp
    default_backend SSL_backend

    # logging options

# Frontend: 1_HTTP_frontend (Listening on 127.4.4.3:80)
frontend 1_HTTP_frontend
    bind 127.4.4.3:80 name 127.4.4.3:80 accept-proxy 
    mode http
    option http-keep-alive
    option forwardfor

    # logging options
    # ACL: NoSSL_condition
    acl acl_64188d5dce2390.01132494 ssl_fc

    # ACTION: HTTPtoHTTPS_rule
    http-request redirect scheme https code 301 if !acl_64188d5dce2390.01132494

# Frontend: 1_HTTPS_frontend (Lisening on 127.4.4.3:443)
frontend 1_HTTPS_frontend
    http-response set-header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    bind 127.4.4.3:443 name 127.4.4.3:443 accept-proxy ssl curves secp384r1  no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256 ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/64189270e357f4.63771565.certlist 
    mode http
    option http-keep-alive
    option forwardfor
    timeout client 15m

    # logging options

    # ACTION: PUBLIC_SUBDOMAINS_rule
    # NOTE: actions with no ACLs/conditions will always match
    use_backend %[req.hdr(host),lower,map_dom(/tmp/haproxy/mapfiles/64188dd26c8986.37023969.txt)] 

# Backend: SSL_backend ()
backend SSL_backend
    # health checking is DISABLED
    mode tcp
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m  
    stick on src
    server SSL_server 127.4.4.3 send-proxy-v2 check-send-proxy

# Backend: Nextcloud_backend ()
backend Nextcloud_backend
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m  
    stick on src
    http-reuse safe
    server Nextcloud_server 10.0.0.48:80 ssl verify none

Pages: [1]