Topics - newbee

#1
General Discussion / nginx config TLS error
September 11, 2021, 04:00:25 AM
Hi

I am having trouble connecting to a VM (running on esxi vmware). I get the following error in the logs:


1 upstream SSL certificate verify error: (18:self signed certificate) while SSL handshaking to upstream, client: 192.168.1.11, server: cloud.ellsium.com, request: "GET / HTTP/2.0", upstream: "https://192.168.1.10:443/", host: "cloud.ellsium.com"

I have installed the Nextcloud VM without setting up local certbot, instead using a TLS cert using snake oil, and have tried an openssl cert on the local VM. If I do HTTP only, local VM and opnsense nginx, then Nextcloud appears to work to a degree; certs don't give errors but no TLS, I guess. The main cert is managed by Let's Encrypt on opnsense. I have a fixed IP and a registered domain. I can load Nextcloud and it appears to be fine, except using it on the WAN side breaks, so I'm guessing the SSL is still not correct. Is there a way to connect the opnsense Let's Encrypt cert to the VM?
#2
Hi,

Thanks to @TheHellsite for his HAProxy setup. My reverse proxy with letsencrypt is set up. This is a different approach to what I am used to. Normally the local system manages the certificate. So how do we handle SSL on traefik docker containers? E.g. my Nextcloud is running but the cert is invalid. I guess the same applies to other docker-compose.yml setups where many containers use acme letsencrypt to get certs.
#3
General Discussion / how to change nginx port
August 08, 2021, 01:04:17 PM
Hi

I have been following this tut. https://forum.opnsense.org/index.php?topic=19305.0

The dns-01 secret key: how is this obtained? Also, is it required for a fixed IP?

Can I leave it on http-01 and change the nginx port? How would I change the nginx port?

Thank you
#4
General Discussion / Stuck on web server setup
August 06, 2021, 12:00:04 PM
Hello

So I finally got opnsense up and running last week after nights of being stuck, meaning internet is passing through. Now I am trying to get the webserver running.

Think I'm getting in a tangle. I'm also getting this message for the main domain pointing at my IP:

"A potential DNS Rebind attack has been detected.
Try to access the router by IP address instead of by hostname."

I have made VMs for my domains to be hosted and require a reverse proxy as I only have 1 IP. I installed the nginx plugin for opnsense. Tried following online tuts to set it up. I then installed nginx on the Linux VM.

I only ever used Apache with proxy and then nginx in docker. Now it looks like I should use HAProxy in opnsense, then nginx in the VM?

Tried not to ask for hemp (sry, meant help) but it's been a week.

Thanks for any guidance

#5
Hi

Yes, I have read so much; it's been weeks. Over-googled the subject; reading old posts does not help as opnsense might do it. 2021, what should we do? Yes, this pfblockerng keeps me back. I have tried to understand it and I get the "install both and find out" philosophy. Instead I feel there should be a clear understanding for newbies. I would love you pros to impart a setup that equals the security that pfblockerNg adds. I don't even know what I will be missing. But this should not be a reason for me to avoid opnsense.

Separate VMs running other software to compensate is fine. If plugins use higher resources, is it worth it vs using "x"? Or just use opnsense for everything, then use pfsense for pfblockerng. There is no way that opnsense is a lesser product, as I'm sure you are all serious about security. Why does this pfblockerNg seem like an overly complicated dilemma? Just feel it could be negated with clear wisdom. What opnsense already does that pfsense does doesn't need to be covered. I'm sure there are many options; let's open it clearly.