OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of felixao »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - felixao

Pages: [1]
1
Tutorials and FAQs / Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
« on: July 12, 2024, 10:50:50 am »
You are the man! Thank you so much for the great support! Everything is now working as it should.  :D :D :D

2
Tutorials and FAQs / Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
« on: July 11, 2024, 10:30:58 pm »
Puh, thanks alot! :-[ - got a certificate now:
Code: [Select]
2024-07-11T22:11:37 Informational caddy "info","ts":"2024-07-11T20:11:37Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"vault.domain.xyz","type":"AAAA","name":"@","value":"IPv6","ttl":0}
2024-07-11T22:11:37 Informational caddy "info","ts":"2024-07-11T20:11:37Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"vault.domain.xyz","type":"A","name":"@","value":"IPv4","ttl":0}
2024-07-11T22:11:35 Debug caddy "debug","ts":"2024-07-11T20:11:35Z","logger":"events","msg":"event","name":"cached_managed_cert","id":"30f5dd13-a0ea-4f72-8ab9-ef83302c2b13","origin":"tls","data":{"sans":["vault.domain.xyz"]}}
2024-07-11T22:11:35 Debug caddy "debug","ts":"2024-07-11T20:11:35Z","logger":"tls.cache","msg":"added certificate to cache","subjects":["vault.domain.xyz"],"expiration":"2024-10-09T09:55:23Z","managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"51760c73851d473ec28884675ecde4e5413d434e12f04760093aecb819909f51","cache_size":1,"cache_capacity":10000}

I already thought it was such a small thing...

Now of course I have the next problem, namely that I can't reach the domain and get an error at Cloudflare (error code 521). Host is reachable, CNAME is also configured. Is there anything else I need to consider for Cloudflare?

3
Tutorials and FAQs / Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
« on: July 11, 2024, 10:20:42 am »
Hey, first of all: thank you for this plugin!

I switched from deSEC to Cloudflare and now I'm getting Error's and it stopped working. I configured Cloudflare's API as mentioned in the caddy docs (https://github.com/caddy-dns/cloudflare). It looked like an API problem, but the API is working correctly. Anyone an Idea what I'm missing here? Drives me crazy, because it worked fine through deSEC...

Code: [Select]
2024-07-11T11:20:20 Debug caddy "debug","ts":"2024-07-11T09:20:20Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/NPCUGkSt_wD2IWe237P8Ug","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:20 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["RFqgHTYGSgLDQn5zyQus3TlVAA0dV_AgfEfYCSqlEbE"],"Retry-After":["86400"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2024-07-11T11:20:17 Debug caddy "debug","ts":"2024-07-11T09:20:17Z","logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:17 Debug caddy "debug","ts":"2024-07-11T09:20:17Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/chall/klxrvi7gfralxj_sO71jWg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["164"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:17 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90/authz/NPCUGkSt_wD2IWe237P8Ug>;rel=\"up\""],"Replay-Nonce":["6E5wD7Bn28fzZFdRIhxY-kHq1V7Pib5lfX1hjTipyjI"],"Retry-After":["60"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2024-07-11T11:20:15 Debug caddy "debug","ts":"2024-07-11T09:20:15Z","logger":"tls.issuance.acme.acme_client","msg":"done waiting for solver","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:15 Debug caddy "debug","ts":"2024-07-11T09:20:15Z","logger":"tls.issuance.acme.acme_client","msg":"waiting for solver before continuing","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:15 Informational caddy "info","ts":"2024-07-11T09:20:15Z","logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vault.domain.xyz","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
2024-07-11T11:20:15 Debug caddy "debug","ts":"2024-07-11T09:20:15Z","logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
2024-07-11T11:20:15 Debug caddy "debug","ts":"2024-07-11T09:20:15Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/NPCUGkSt_wD2IWe237P8Ug","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["449"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:15 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["mc4smWXSmABMoANYjQXXXzYPNBKrPnIS8Mg6fx_0J6Y"],"Retry-After":["86400"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2024-07-11T11:20:12 Debug caddy "debug","ts":"2024-07-11T09:20:12Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["278"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:12 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/ePdppdFxHGxCGbOdAvumEQ"],"Replay-Nonce":["N0RQNWJzpxpg9jw-t0w10AV1et-TIz90-K-awUNs-2A"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":201}
2024-07-11T11:20:11 Debug caddy "debug","ts":"2024-07-11T09:20:11Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Type":["application/octet-stream"],"Date":["Thu, 11 Jul 2024 09:20:11 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["dubyvT4QrKuMzUWj3QzTladPHhmL43wwc9PWuhz7z4U"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"creating order","account":"https://acme.zerossl.com/v2/DV90/account/zI17MJiuzZy2KCCeoxuxow","identifiers":["vault.domain.xyz"]}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme.zerossl.com/v2/DV90","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:10 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2024-07-11T11:20:10 Informational caddy "info","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/zI17MJiuzZy2KCCeoxuxow","account_contact":["mailto:abc@abc.de"]}
2024-07-11T11:20:10 Informational caddy "info","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["vault.domain.xyz"],"ca":"https://acme.zerossl.com/v2/DV90","account":"abc@abc.de"}
2024-07-11T11:20:10 Informational caddy "info","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["vault.domain.xyz"],"ca":"https://acme.zerossl.com/v2/DV90","account":"abc@abc.de"}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme.zerossl.com-v2-DV90"}
2024-07-11T11:20:10 Error caddy "error","ts":"2024-07-11T09:20:10Z","logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vault.domain.xyz","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge"}
2024-07-11T11:20:10 Error caddy "error","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"vault.domain.xyz","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1830756237/286284483307","attempt":2,"max_attempts":3}
2024-07-11T11:20:10 Error caddy "error","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"vault.domain.xyz","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge","instance":"","subproblems":[]}}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540185137","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["979"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:10 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-e62lhajWnK7NFktNLv_vxDvmyIHriusfwdEbgwDHJBI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"vault.domain.xyz","challenge_type":"tls-alpn-01"}
2024-07-11T11:20:10 Debug caddy "debug","ts":"2024-07-11T09:20:10Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375540185137/6dCOjw","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["191"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:10 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540185137>;rel=\"up\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/chall-v3/375540185137/6dCOjw"],"Replay-Nonce":["zgT1AlV-ZNjqD20ClwybZ8eDxXrUqmgEm1TZobqpM9QB218Jj-w"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:09 Error caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"http.stdlib","msg":"http: TLS handshake error from 127.0.0.1:23624: EOF"}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"done waiting for solver","identifier":"vault.domain.xyz","challenge_type":"tls-alpn-01"}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"waiting for solver before continuing","identifier":"vault.domain.xyz","challenge_type":"tls-alpn-01"}
2024-07-11T11:20:09 Informational caddy "info","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vault.domain.xyz","challenge_type":"tls-alpn-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"dns-01"}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540185137","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:09 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8U4xWcZeKJWc2ZPIjm64cHusyQhzX7_35gDM3LNRN3kJE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["342"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:09 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/1830756237/286284483307"],"Replay-Nonce":["zgT1AlV-BI6xmFywkTmeWStBmnzrHpVzGovRTMo3kXra6Adr0ak"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
2024-07-11T11:20:09 Debug caddy "debug","ts":"2024-07-11T09:20:09Z","logger":"tls.issuance.acme.acme_client","msg":"creating order","account":"https://acme-v02.api.letsencrypt.org/acme/acct/1830756237","identifiers":["vault.domain.xyz"]}
2024-07-11T11:20:08 Error caddy "error","ts":"2024-07-11T09:20:08Z","logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"vault.domain.xyz","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2606:4700:3036::ac43:d41a: Invalid response from http://vault.domain.xyz/.well-known/acme-challenge/7l0JbJU_ZyHGmhvKl75evbljzzBgdrwE6H7OWNDGReo: 521","instance":"","subproblems":[]},"order":"https://acme-v02.api.letsencrypt.org/acme/order/1830756237/286284439187","attempt":1,"max_attempts":3}
2024-07-11T11:20:08 Error caddy "error","ts":"2024-07-11T09:20:08Z","logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"vault.domain.xyz","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:unauthorized","title":"","detail":"2606:4700:3036::ac43:d41a: Invalid response from http://vault.domain.xyz/.well-known/acme-challenge/7l0JbJU_ZyHGmhvKl75evbljzzBgdrwE6H7OWNDGReo: 521","instance":"","subproblems":[]}}
2024-07-11T11:20:08 Debug caddy "debug","ts":"2024-07-11T09:20:08Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["1166"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:08 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8U7eKR1AlXtU9lRLDgHnVy6EN2gqEZVm9KRytegcxucrg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:08 Debug caddy "debug","ts":"2024-07-11T09:20:08Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:08 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-euTwn1vhs0TH98VKYpMMKLgHg3M6TgZdhDenSu9HmYg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:07 Debug caddy "debug","ts":"2024-07-11T09:20:07Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:07 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8UYhJhC44nClV9RV6nvIIzaK2DAjImU5JGJdz44gWUncU"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:07 Debug caddy "debug","ts":"2024-07-11T09:20:07Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:07 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8USQKy9NDO6JcHhf_MBteZI361LL4GYaDlA5z_9xyAuFM"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:06 Debug caddy "debug","ts":"2024-07-11T09:20:06Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:06 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8UxmzVHyJhwPe9eEQ6tvQV01TrVht81-oIAqP7mhai5OM"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:06 Debug caddy "debug","ts":"2024-07-11T09:20:06Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:06 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-OJT-LyggcLxiAMMSFuyoLzmCBEOLBXPQxBeybPGmESo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:06 Debug caddy "debug","ts":"2024-07-11T09:20:06Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:05 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8U6obW-QWTqVmyaxPKEVACLYUXFXFxCHYe-O4PAFHjYkY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:05 Debug caddy "debug","ts":"2024-07-11T09:20:05Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:05 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8USJMpZQkltYIVjT5-CjgsbvQkBKO0KvsY626muUBfs6s"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:05 Informational caddy "info","ts":"2024-07-11T09:20:05Z","logger":"dynamic_dns","msg":"finished updating DNS","current_ips":["IPv4","IPv6"]}
2024-07-11T11:20:05 Error caddy "error","ts":"2024-07-11T09:20:05Z","logger":"dynamic_dns","msg":"failed setting DNS record(s) with new IP address(es)","zone":"vault.domain.xyz","error":"expected 1 zone, got 0 for vault.domain.xyz"}
2024-07-11T11:20:05 Debug caddy "debug","ts":"2024-07-11T09:20:05Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:05 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-CvYAXwpXuF1shAoALOl7uw1a2tfIsDvEFPZQXx47cdY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:04 Debug caddy "debug","ts":"2024-07-11T09:20:04Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:04 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8UY_XLOY2Bx8vljY4TUUxGIWBp6I1TPViNFndKjcC-4Ck"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:04 Debug caddy "debug","ts":"2024-07-11T09:20:04Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:04 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-LYsOEdE5lzwAGFIFauFJxas65qd56rV33pJfPFQIves"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:03 Debug caddy "debug","ts":"2024-07-11T09:20:03Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:03 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-xLtdkY8POAtrKQ9a4t3v_xHSQNG3UhG6BnZnfADaK1M"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:03 Informational caddy "info","ts":"2024-07-11T09:20:03Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"vault.domain.xyz","type":"AAAA","name":"@","value":"IPv6","ttl":0}
2024-07-11T11:20:03 Informational caddy "info","ts":"2024-07-11T09:20:03Z","logger":"dynamic_dns","msg":"updating DNS record","zone":"vault.domain.xyz","type":"A","name":"@","value":"IPv4","ttl":0}
2024-07-11T11:20:03 Debug caddy "debug","ts":"2024-07-11T09:20:03Z","logger":"dynamic_dns.ip_sources.simple_http","msg":"lookup","type":"IPv6","endpoint":"https://api64.ipify.org","ip":"IPv6"}
2024-07-11T11:20:03 Debug caddy "debug","ts":"2024-07-11T09:20:03Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:03 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8Ush8AvtRobCEsVGwqCUm2GexI1Hp2bWusYFHkTRgjsuw"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:03 Debug caddy "debug","ts":"2024-07-11T09:20:03Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:02 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-8ayFaFcJYlewB8vBEfzHuzQBzzf2uB0mGWAAgIX_qRY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:03 Debug caddy "debug","ts":"2024-07-11T09:20:03Z","logger":"dynamic_dns.ip_sources.simple_http","msg":"lookup","type":"IPv4","endpoint":"https://api64.ipify.org","ip":"IPv4"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:02 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["zgT1AlV-iPhTWKwNrOl_pJclv7FEUfeIEqzZ5H_5hZ7OHWz4RbI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"dynamic_dns","msg":"looked up current IPs from DNS","lastIPs":null}
2024-07-11T11:20:02 Error caddy "error","ts":"2024-07-11T09:20:02Z","logger":"dynamic_dns","msg":"unable to lookup current IPs from DNS records","error":"expected 1 zone, got 0 for vault.domain.xyz"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/375540126317/1Lewag","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["187"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:02 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317>;rel=\"up\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/chall-v3/375540126317/1Lewag"],"Replay-Nonce":["eFSVlf8UyZXdEZd8mwkJB6yFDyoZ-wVUZbRYH-OsfEukg-tTT9I"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"done waiting for solver","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"waiting for solver before continuing","identifier":"vault.domain.xyz","challenge_type":"http-01"}
2024-07-11T11:20:02 Informational caddy "info","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vault.domain.xyz","challenge_type":"http-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
2024-07-11T11:20:02 Debug caddy "debug","ts":"2024-07-11T09:20:02Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/375540126317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["800"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:01 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8UnTzZAxtF3xpZJCTUeU2Ps5MRqmWxZClrlIGYYwpLiyI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:01 Debug caddy "debug","ts":"2024-07-11T09:20:01Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Boulder-Requester":["1830756237"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["342"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:01 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/1830756237/286284439187"],"Replay-Nonce":["eFSVlf8UgxC3Ov5ci2luZFH8tZxr_XJq2m-T3zKw4ZccQBsd0PI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
2024-07-11T11:20:01 Debug caddy "debug","ts":"2024-07-11T09:20:01Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Thu, 11 Jul 2024 09:20:01 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["eFSVlf8UldoMJHBdgupStVclatMJ6jwCSZ6H_08oajcJghaPbxY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:01 Debug caddy "debug","ts":"2024-07-11T09:20:01Z","logger":"tls.issuance.acme.acme_client","msg":"creating order","account":"https://acme-v02.api.letsencrypt.org/acme/acct/1830756237","identifiers":["vault.domain.xyz"]}
2024-07-11T11:20:01 Debug caddy "debug","ts":"2024-07-11T09:20:01Z","logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.8.4 CertMagic acmez (freebsd; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["746"],"Content-Type":["application/json"],"Date":["Thu, 11 Jul 2024 09:20:01 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/1830756237","account_contact":["mailto:abc@abc.de"]}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["vault.domain.xyz"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"abc@abc.de"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["vault.domain.xyz"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"abc@abc.de"}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"events","msg":"event","name":"cert_obtaining","id":"a3ed979c-3d86-499c-92ad-5ae7deba6b1e","origin":"tls","data":{"identifier":"vault.domain.xyz"}}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.obtain","msg":"obtaining certificate","identifier":"vault.domain.xyz"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.obtain","msg":"lock acquired","identifier":"vault.domain.xyz"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls","msg":"finished cleaning storage units"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/db/caddy/data/caddy","instance":"68f4b45b-f584-42d9-bafa-99c122f2bda3","try_again":"2024-07-12T09:20:00Z","try_again_in":86399.999997449}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.obtain","msg":"acquiring lock","identifier":"vault.domain.xyz"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","msg":"serving initial configuration"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","msg":"autosaved config (load with --resume flag)","file":"/var/db/caddy/config/caddy/autosave.json"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http","msg":"enabling automatic TLS certificate management","domains":["vault.domain.xyz"]}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"dynamic_dns","msg":"beginning IP address check"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
2024-07-11T11:20:00 Debug caddy "debug","ts":"2024-07-11T09:20:00Z","logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"policies":[{"subjects":["vault.domain.xyz"]},{}]}},"http":{"grace_period":10000000000,"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"192.168.178.6:8000"}]}]}]}]}]}],"terminal":true}],"tls_connection_policies":[{}],"automatic_https":{}}}}}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x870981180"}
2024-07-11T11:20:00 Informational caddy "info","ts":"2024-07-11T09:20:00Z","logger":"admin","msg":"admin endpoint started","address":"unix//var/run/caddy/caddy.sock","enforce_origin":false,"origins":["","//127.0.0.1","//::1"]}
   

Caddy-Config:
Code: [Select]
# Global Options
{
log {
output net unixgram//var/caddy/var/run/log {
}
format json {
time_format rfc3339
}
level DEBUG
}

dynamic_dns {
provider cloudflare API-Token
domains {
vault.domain.xyz @
}
}

email abc@abc.com
grace_period 10s
import /usr/local/etc/caddy/caddy.d/*.global
}

# Reverse Proxy Configuration


# Reverse Proxy Domain: "8e333c2b-cff5-465f-b899-d89f446438c5"
vault.domain.xyz {
handle {
reverse_proxy 192.168.178.6:8000 {
}
}
}

import /usr/local/etc/caddy/caddy.d/*.conf

Thanks in advance, hope its not a totally dumb mistake  ::) ;D

4
German - Deutsch / Re: Stabilitätsprobleme Deutsche Glasfaser
« on: January 04, 2024, 05:37:07 pm »
Kurzes Update: Es läuft nun alles sehr stabil, vielen Dank für alle Beiträge.

Ich konnte jetzt keine direkten Auswirkungen von den Optionen "Block Bogon/Private"-Adressen merken. Werde mir jetzt hier im Forum einmal ein paar Anleitungen anschauen um noch mehr aus der OPNsense rauszuholen.

Beste Grüße,
Felix

5
German - Deutsch / Re: Stabilitätsprobleme Deutsche Glasfaser
« on: January 03, 2024, 06:44:18 pm »
Quote from: tiermutter on January 03, 2024, 01:36:48 pm
Also als erstes fällt mir diese ominöse statische LAN IP auf... Die liegt nicht in dem Bereich der hier verwendet weden darf / sollte. Keine Ahnung was dadurch für komische Dinge passieren können...

Bei WAN solltest du block bogon und private abschalten, da diese für CGNAT benötigt werden.

Danke für den Input, habe nun einmal auf 192.168.178.1 geändert und werde das nun einmal testen. Die beiden Optionen habe ich auch einmal deaktiviert (block bogon und private). Ich probiere es später aber auch noch einmal aktiviert.

Quote from: knebb on January 03, 2024, 03:29:07 pm
Moin,

zusätzlich solltest Du eine saubere Fehleranalyse machen.
Was genau geht nicht?
  • DNS Namensauflösung?
  • Paketverlust durch fehlerhaftes Routing?
  • NAT-Probleme?[/II]
Wenn das Problem das nächste Mal auftritt, mache mal ein "ping 1.1.1.1". Geht das? Geht dann auch ein "ping www.example.com"?
Wenn das beides geht, muss man genauer hinschauen. Wenn nicht, liegt es irgendwo daran.
Und ja, bitte keine öffentliche IP-Adresse lokal verwenden, das kann zu genau solchen Problemen führen. Also zuallererst das lokale Netz auf ein 192.168er umstellen (oder 10. oder 172.).

/KNEBB


Ebenfalls Danke hierfür. Mit dem Ping hätte ich ebenfalls mal drauf kommen können. Nehme ich jetzt gerne einmal zusätzlich wenn ich teste.

Quote from: Maurice on January 03, 2024, 05:59:13 pm
Das öffentliche IPv4-Subnetz im LAN darf in der Tat nicht sein. Private und Bogon-Adressen auf dem WAN-Interface zuzulassen sollte aber nicht notwendig sein, CGNAT ändert nicht die Source-Adressen eingehender Pakete.
In den DHCPv6-Client-Einstellungen "Use IPv4 connectivity" deaktivieren, das ist nur für PPP(oE).
Die DNS-Konfiguration ist so wenig sinnvoll. Du erlaubst das Überschreiben der DNS-Server-Liste per DHCP, die eingetragenen Server sind daher weitgehend wirkungslos. Standardmäßig läuft außerdem Unbound als rekursiver Resolver, Hosts im LAN wird ausschließlich dieser als DNS-Server zugewiesen.

Insgesamt scheinst Du schon einiges "individualisiert" zu haben. Als Einsteiger und dann auch noch an einem neuen Internetanschluss würde ich zunächst mit (weitgehend) Default-Einstellungen anfangen. Wenn es dann stabil läuft kannst Du in die Details gehen.

Grüße
Maurice

Danke auch für diesen Input! Die Bogon und Private-Adressen teste ich wie oben beschrieben einmal durch. Die DNS-Einstellungen habe ich nun komplett entfernt.

Ich teste nun einmal fleißig heute Abend und bin definitv etwas schlauer dank Euch ;-). Besten dank und einen entspannten Abend.

6
German - Deutsch / Stabilitätsprobleme Deutsche Glasfaser
« on: January 03, 2024, 12:47:49 pm »
Hallo zusammen, allen noch ein frohes und gesundes neues Jahr!

Ich habe seit diesem Monat einen neuen Glasfaseranschluss der Deutschen Glasfaser. Im Zuge dessen habe ich mich dafür entschieden, einen Router mit OPNsense auszuprobieren. Dementsprechend groß sind auch meine generellen Erfahrungen mit OPNsense. Ich bin jedoch sehr lernwillig und freue mich meinen Horizont hier zu erweitern.

Hardware:
Die OPNsense ist ein Fujitsu Futro S920 mit AMD GX-415GA CPU (4 Kerne, 4 Threads; 1,5 GHz), 8 GB RAM und 120gb ssd. Ich habe per PCI-E noch eine Intel Dual NIC nachgerüstet (1 GB).

Software:
Folgende Version ist installiert:
OPNsense 23.7.10_1-amd64
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w

Ich habe aus den folgenden Threads bereits die Einstellungen übernommen und erhalte auch eine Internetverbindung:
https://forum.opnsense.org/index.php?PHPSESSID=g52l0c43a1k8a11prku11qtjmk&topic=33882.0
https://forum.opnsense.org/index.php?topic=21225.msg99660#msg99660
https://beechy.de/deutsche-glasfaser-ipv6-vs-pfsense/

Anbei auch meine Konfiguration zu LAN und WAN.

Mein Problem ist aktuell, dass die Internetverbindung einfach nicht stabil funktioniert. Beim Surfen wird eine beliebige Seite nicht aufgebaut und erst durch mehrmaliges Neuladen der Seite funktioniert die Darstellung.

Ich habe mich bereits ein bisschen an den DNS Settings ausprobiert (siehe Bild). Dies führt aktuell jedoch zu keinen Verbesserungen.

WLAN wird über einen TP-Link AccessPoint bereitgestellt und über Omada SDN verwaltet. Der WAN-Port der OPNsense hängt direkt am ONT, LAN der OPNsense direkt an meinem HP Switch, welcher wiederum alle Clients versorgt (auch den AP).
Desweiteren habe ich noch einen Intel NUC im Einsatz auf dem Proxmox mit Home Assistant, Omada SDN und NGINX Proxymanager läuft. Letztere ist in der Konfiguration sicher auch noch ein Thema, jedoch ist ein stabiles Internet erst einmal wichtiger. Ich habe alles einmal versucht übersichtlich in einem Draw.io-Diagramm darzustellen.

Ich bin für jeden Tipp dankbar, vielen Dank Euch vorab und beste Grüße,
Felix

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2