Topic: OPNSense HAProxy and Cloudflare (Read 11015 times)
sorano
Full Member
Posts: 153
Karma: 21
Re: OPNSense HAProxy and Cloudflare « Reply #15 on: July 22, 2021, 04:22:12 pm »
You must create an API token that has DNS permissions in Cloudflare and then configure that token for your validation in OPNsense.
Logged
2x 23.7 VMs & CARP, 4x 2.1GHz, 8GB
Cisco L3 switch, ESXi, VDS, vmxnet3
DoT, Chrony, HAProxy + NAXSI, Suricata
VPN: IPSec, OpenVPN, Wireguard
MultiWAN: Fiber 500/500Mbit dual stack + 4G failover
--
Available for private support.
Did my answer help you? Feel free to click [applaud] to the left
lilsense
Hero Member
Posts: 600
Karma: 19
Re: OPNSense HAProxy and Cloudflare « Reply #16 on: July 22, 2021, 04:56:58 pm »
So I ran:
./acme.sh --issue --home . -d 'domain.com' --dns dns_cf --debug 2
and got this:
[Thu Jul 22 10:49:09 EDT 2021] Can not find dns api hook for: dns_cf
[Thu Jul 22 10:49:09 EDT 2021] You need to add the txt record manually.
[Thu Jul 22 10:49:09 EDT 2021] Add the following TXT record:
[Thu Jul 22 10:49:09 EDT 2021] Domain: '_acme-challenge.domain.com'
[Thu Jul 22 10:49:09 EDT 2021] TXT value: '5PDYWLn6JD8_some_value_M4clBfO8vkwkgg'
[Thu Jul 22 10:49:09 EDT 2021] Please be aware that you prepend _acme-challenge. before your domain
[Thu Jul 22 10:49:09 EDT 2021] so the resulting subdomain will be: _acme-challenge.domain.com
[Thu Jul 22 10:49:09 EDT 2021] Dns record not added yet, so, save to ./domain.com/domain.com.conf and exit.
[Thu Jul 22 10:49:09 EDT 2021] Please add the TXT records to the domains, and re-run with --renew.
[Thu Jul 22 10:49:09 EDT 2021] _on_issue_err
[Thu Jul 22 10:49:09 EDT 2021] Please add '--debug' or '--log' to check more details.
[Thu Jul 22 10:49:09 EDT 2021] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Thu Jul 22 10:49:09 EDT 2021] _chk_vlist
[Thu Jul 22 10:49:09 EDT 2021] Diagnosis versions:
What do I need to add to the conf file? It looks like it has a certain format.
This may be a bug, as I see this in the script attempting to use http-01...
challenges":[{"type":"http-01",
« Last Edit: July 22, 2021, 05:11:54 pm by lilsense »
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: OPNSense HAProxy and Cloudflare « Reply #17 on: July 22, 2021, 06:10:44 pm »
I decided to uninstall letsencrypt and use the CF origin and CF cert directly. Now back to the original issue of setting up HAP. LOL.
Logged
sorano
Full Member
Posts: 153
Karma: 21
Re: OPNSense HAProxy and Cloudflare « Reply #18 on: July 22, 2021, 06:42:29 pm »
Why are you doing stuff from the CLI?
Cert and validation are all configured in the web UI from the Let's Encrypt plugin.
Use the staging environment until all is working, then switch over to production.
Looks like you are making life hard for yourself.
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: OPNSense HAProxy and Cloudflare « Reply #19 on: July 22, 2021, 06:45:34 pm »
Everything is done through the GUI with no success...
So, here's something funny... After uninstalling letsencrypt, HAProxy started working, but now it's stopped with this error...
[d7908357-7f95-4ada-83be-6e8a3c85c3e7] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 479, in execute stdout=output_stream, stderr=error_stream) File "/usr/local/lib/python3.7/subprocess.py", line 363, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/syncCerts.py actions --output bootgrid --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1.
2021-07-22T12:42:19 configd.py[11318] [2f872d65-6a03-4abb-9780-5a40222eee14] Script action failed with Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1. at Traceback (most recent call last): File "/usr/local/opnsense/service/modules/processhandler.py", line 479, in execute stdout=output_stream, stderr=error_stream) File "/usr/local/lib/python3.7/subprocess.py", line 363, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '/usr/local/opnsense/scripts/OPNsense/HAProxy/socketCommand.py show-servers --output bootstrap --page-rows '10' --page '1' --search '' --sort-col '' --sort-dir ''' returned non-zero exit status 1.
It's like hitting cinder blocks one at a time... LOL
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: OPNSense HAProxy and Cloudflare « Reply #20 on: July 23, 2021, 12:33:36 pm »
OK.
So I cleaned up all of HAProxy, uninstalled it, reinstalled it and went through the tutorial:
https://forum.opnsense.org/index.php?topic=23339.0
All was fine until the last portion of step 9, Public Front end.
I am not using Let's Encrypt. And now HAProxy will not start...
Logged
lilsense
Hero Member
Posts: 600
Karma: 19
Re: OPNSense HAProxy and Cloudflare « Reply #21 on: July 23, 2021, 04:10:19 pm »
Here's the HAP config:
After the patch update today... all is well... It's up and running.
« Last Edit: July 23, 2021, 09:08:03 pm by lilsense »
Logged