OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of baragsen »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - baragsen

Pages: [1]
1
Tutorials and FAQs / Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
« on: September 27, 2024, 01:23:38 pm »
Quote from: Monviech on September 26, 2024, 03:34:23 pm
Did you create the same Firewall rule for WAN also for LAN/other interfaces you use?

You shouldn't use Split DNS Zones with Caddy, just use the external IP address from internally and externally. I can see your nextcloud resolves to the internal IP of your OPNsense. (Technically its possible and people do it but it complicates some firewall rules and stuff)

https://docs.opnsense.org/manual/how-tos/caddy.html#caddy-troubleshooting

If nothing of these hints work please post some debug logs where caddy logged the error you see happening.

The Split DNS setup in Unbound was remaining config from my old HAProxy setup, that's fixed now. But it did not solve my issue. The actual problem I found was that I was checking the Dynamic DNS box in both Domains and Subdomains, and I have some misconfiguration as well on the Cloudflare dashboard. Since cleaning all that up, it has been working perfectly.

Thanks a lot!

Edit: Quick question, is there any way to use other caddy directives in the GUI e.g. php_fastcgi and fileserver? It would be an improvement for me to use caddy instead of using Nextcloud with its own embedded Apache web server.

2
Tutorials and FAQs / Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
« on: September 26, 2024, 03:26:40 pm »
Heya,
Thanks a lot for your work and for the tutorial. It really helped me out a lot.
There is one small issue that I am having with Caddy and  my nextcloud (of course) container.
I can access it using my domain from outside my local network, but when trying to connect it through my local network, I keep getting ERR_SOCKET_NOT_CONNECTED or PR_END_OF_FILE_ERROR issues. I did not mess with NAT reflection nor with Unbound DNS as the tutorial says that there won't be a need for it, but I still cannot get access locally.
My caddyfile is as follows:

Code: [Select]
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file


# caddy_user=root

# Global Options
{
log {
output net unixgram//var/run/caddy/log.sock {
}
format json {
time_format rfc3339
}
level DEBUG
}

dynamic_dns {
provider cloudflare xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
domains {
example.com *
example.com nc
}
}

email example@mail.com
grace_period 10s
import /usr/local/etc/caddy/caddy.d/*.global
}

# Reverse Proxy Configuration


# Reverse Proxy Domain: "a46e07f0-97d6-40ee-a4ba-c219beee103f"
*.example.com {
tls {
issuer acme {
dns cloudflare xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
}
}

@f601ec75-1d72-4165-a41c-34322ad8a17a {
host nc.example.com
}
handle @f601ec75-1d72-4165-a41c-34322ad8a17a {
handle {
reverse_proxy 10.150.0.10:8666 {
header_down +Strict-Transport-Security "max-age=31536000;"
}
}
}
}

import /usr/local/etc/caddy/caddy.d/*.conf
Unfortunately no logs from caddy as nothing shows up when trying to access it internally. When using nslookup on the domain, I get my opnsense ip.
Code: [Select]
Server:  firewall.home.lan
Address:  10.150.0.1

Name:    nc.example.com
Address:  10.150.0.1
Any help would be appreciated!!

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2