os-caddy plugin

Started by Monviech (Cedrik), November 04, 2023, 09:41:43 AM

January 12, 2024, 03:47:00 PM #30 Last Edit: January 16, 2024, 06:22:27 PM by Monviech
New Version released:

v1.4.0

- DynDNS (Dynamic DNS) Feature added. (Yes that's right, choose your DNS Provider, and you have DNS-01 ACME Challenge AND Dynamic DNS neatly in the same plugin.) https://github.com/mholt/caddy-dynamicdns/
- Logging refactored to syslog-ng to integrate completely into the OPNsense.
- HTTP Access Logs can be enabled.
- DNS Provider Desec added into GUI
- DNS Provider Porkbun added (only configurable with custom configuration file in the ssh shell right now)

Supported DNS Providers in the GUI:

Cloudflare
Duck DNS
DigitalOcean
DNSPod
Hetzner
GoDaddy
Gandi
Vultr
IONOS
Desec
Hardware:
DEC740

New Version released:

v1.4.2

- Added Basic Auth as additional access restriction, multiple users can be set per domain and subdomain.
- Made views cleaner (separate General Settings and DNS Provider Settings) - (joined Access List and Basic Auth in new Access Tab)
- Fixed template generation of Caddyfile for new DNS Providers (desec)
- Added Porkbun DNS Provider for GUI configuration with additional DNS Secret Api Key input field
- cleaned up some code and fixed some typos.

This will be the last feature release for a while. Now I will only fix bugs, so if you find one please open an issue on github.
Hardware:
DEC740

February 08, 2024, 11:09:52 AM #32 Last Edit: February 08, 2024, 11:11:44 AM by Monviech
New Version released:

v1.4.4

- Route53 DNS Provider added - https://github.com/Monviech/os-caddy-plugin/issues/84
- Dark Mode GUI fix - https://github.com/Monviech/os-caddy-plugin/issues/85
- New caddy binary built that includes more DNS Provider modules as preparation - https://github.com/Monviech/os-caddy-plugin/blob/main/usr/local/bin/README.md#current-build
- os-caddy was built with 24.1.1 dev system and tested on new OPNsense release.
Hardware:
DEC740

February 19, 2024, 05:57:48 PM #33 Last Edit: February 20, 2024, 09:04:40 AM by Monviech
New Version released:

v1.4.5

This release is important because it fixes a bug with the validation model that can result in incorrect configurations being allowed and saved. Additionally, now there is a second validation method when pressing apply. "caddy validate --config /usr/local/etc/caddy/Caddyfile" is invoked, and the caddy service is only restarted if the configuration is valid. If not, a popup with the exact error message will show the validation error. Now, it is highly unlikely any user error can break Caddy. The new API can be tested additionally at
/api/caddy/service/validate

There is also a new logging feature added to integrate this Plugin more easily with Crowdsec, and a new feature to prepend paths in Handlers. Thank you a lot for contributing @pmhausen.

- New validate api action + Validation model fix by @Monviech in #98
- Add configuration option to log HTTP access to plain JSON files by @pmhausen in #90
- Add backend path prepend feature to handler configuration by @pmhausen in #95


Hardware:
DEC740

February 24, 2024, 02:41:55 PM #34 Last Edit: February 24, 2024, 03:35:32 PM by Monviech
New Version released:

v1.5.0

This release is mostly a cleanup to make the front end nicer, with more feedback when pressing Save or Apply.

ACME-DNS Provider has been added to support custom ACME Servers. Please note that only DNS-01 Challenge works with the custom ACME Server, no Dynamic DNS.

It also prepares the plugin to be included into the OPNsense. I've been working with Franco to prepare that. Here is the issue tracker on github. It might be included in 24.3 or 24.4 but no promises.

Status of OPNsense integration

This will be the last version until the integration is over (if no major bugs are found that need a fast fix). So no more new features for a bit.

- Omit vultr from DNS-Providers by @Monviech in #103
- General view cleanup by @Monviech in #106
- Add ACME-DNS Provider for custom ACME Server support by @Monviech in #107
- Hint pressing apply by @Monviech in #108
- Create ACL by @Monviech in #109
- Code consistency by @Monviech in #110
- Built os-caddy-1.5.0.pkg by @Monviech in #111
Hardware:
DEC740

March 06, 2024, 12:43:09 PM #35 Last Edit: March 06, 2024, 07:38:46 PM by Monviech
New Version released:

v1.5.1

Small Hotfix released: 1.5.1_1 since there was a typo that prevented saving domains.

This release is another preparation for the OPNsense integration. Since I went through a review, I could make lots of changes that clean things up.

Big thank you for all the reviewers on github: @franco, @kulikov-a, @mimugmail

Little warning: A lot of things changed, if you have problems, remove the plugin and reinstall it. Also you might need to restart your firewall. Maybe.

- More DNS Providers added: netlify, namesilo, njalla, vercel, googleclouddns, alidns, powerdns, tencentcloud, dinahosting, metaname, hexonet, ddnss, linode, mailinabox, ovh, namecheap, azure, openstack-designate.
- More input fields and better documentation added for the DNS Provider API Keys.
- Changed rc.d script to standard freebsd poudriere one packaged with the caddy-custom binary, included setup.sh script to rc.conf.d/caddy.
- Updated dependency to caddy-custom instead of caddy.
- Removed +POST_DEINSTALL.post and +POST_INSTALL.post.
- Turned syslog-ng configuration from template to static file.
- A few typos in the general.volt and reverse_proxy.volt corrected.
- The RealInterfaceField custom Fieldtype was removed and replaced with an OPNsense integrated template function to read the interface name.
- Enable $internalModelUseSafeDelete in ReverseProxyController.php - Items can only be deleted when they are not referenced by other items, making deleting in the GUI safer since there can't be any orphaned configuration left behind.
- Migration script M1_1_3 from "Description" to "description" added. Lower case description is needed to be in line with some OPNsense integrated functions.
Hardware:
DEC740

I am happy to see this integrated into OPNsense as a plugin. I am currently using the HAProxy plugin, but would like to move to this plugin and I have some questions.


  • This seems to include DynDNS and Acme Certs. -- Does this mean that by using this plugin, I can get rid of the os-ddclient and the on-acme-client plugins altogether and simply set them up under this plugin?
  • Currently for a few services like Omada, Nextcloud, I had to set up certain headers rules (http-request redirect, http-request header set, http-response replace-value etc etc) in HaProxy in order for it to work. How would the same headers be setup in this plugin?

March 24, 2024, 06:32:56 AM #37 Last Edit: March 24, 2024, 08:09:06 AM by Monviech
Hello,

1. That's correct. If your DNS Provider is supported you can use DynDNS from the plugin. You can get Let's Encrypt automatically too (even without a DNS Provider, it's standard with Caddy to get them automatically). The DNS Provider thing still is a little bit of an issue in maintainability that I try to solve: https://github.com/opnsense/plugins/issues/3867

2. I don't know, the standard in Caddy is to not mess with the headers, it does everything automatically. For that you have to try out how it reacts to your services.

Read the documentation in the OPNsense docs and decide if it has all the options you need, otherwise you can continue to use HA-Proxy because why change if it works?
Hardware:
DEC740

Many thanks for this great plugin, this is the first time I'm dabbling with Caddy and maybe my question is trivial, but I do not completely understand how IPv4 vs IPv6 is handled.

If I configure the upstream IP in the handler as an IPv4 but the client connects to caddy using IPv6, is it expected to work, it will interwork IPv6 to IPv4? Do we expect performance issues because of this? (not that I have a lot of load on it, but just to know if I should expect the GUI to be slow or anything...)

April 23, 2024, 01:06:12 PM #39 Last Edit: April 23, 2024, 01:14:42 PM by Monviech
The GUI shouldn't be slow. I have tested it on VMs and real Hardware. If you have high load, it might be slow? I don't know what your hardware is.

Regarding your question, Caddy can receive either IPv4 or IPv6 connections and reverse proxy them to either IPv4 or IPv6, or both at the same time when you input two or more IP addresses into the handler Upstream Destination and have a domain with A and AAAA records.

ipv4 - caddy - ipv4 ✓
ipv6 - caddy - ipv4 ✓
ipv4 - caddy - ipv6 ✓
ipv4/6 - caddy - ipv4/6 ✓
Hardware:
DEC740
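As an added, hand-written example (not the plugin's generated Caddyfile and not from this thread), here is a minimal Caddyfile showing the dual-stack setup described above: a hostname reachable over IPv4 and IPv6 with one upstream of each address family, plus the DNS-01 challenge and JSON access log mentioned in the release notes. The hostname, upstream addresses, token variable and log path are assumed placeholders.

```caddyfile
{
    # Global options (constructed example; the plugin writes its own Caddyfile)
    email admin@example.com
}

# Assumed hostname with both an A and an AAAA record, so clients
# may reach Caddy over IPv4 or IPv6.
app.example.com {
    # DNS-01 challenge via the Cloudflare module; the API token is read
    # from an environment variable instead of being written into the file.
    tls {
        dns cloudflare {env.CF_API_TOKEN}
    }

    # Plain JSON access log, the format the release notes mention for Crowdsec ingestion.
    log {
        output file /var/log/caddy/access.log
        format json
    }

    # One IPv4 and one IPv6 upstream (documentation-range addresses).
    # Caddy balances between them regardless of which address family the
    # client used to connect; active health checks drop an unreachable upstream.
    reverse_proxy 192.0.2.10:8080 [2001:db8::10]:8080 {
        lb_policy round_robin
        health_uri /healthz
        health_interval 30s
    }
}
```

Before reloading, `caddy validate --config /path/to/Caddyfile` catches syntax and module errors, which is the same check the plugin runs on Apply.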

Thanks.

So far performance is good.

If I enter an IPv4 and an IPv6 as upstream in the handler, Caddy will simply load balance, the fact that the client is using IPv4 or IPv6 to connect to Caddy will not have any impact on this load balancing, is my understanding correct?

April 23, 2024, 02:06:52 PM #41 Last Edit: April 24, 2024, 03:05:52 PM by Monviech
Yes, you understand correctly. Caddy doesn't care how a connection is made to it. Either side is independent from the other side.
Hardware:
DEC740

Quote from: Monviech on November 04, 2023, 09:41:43 AM
Plugin was merged into OPNsense Plugins, I won't post in this thread anymore.
https://github.com/opnsense/plugins/pull/3840

- More DNS Providers added: netlify, namesilo, njalla, vercel, googleclouddns, alidns, powerdns, tencentcloud, dinahosting, metaname, hexonet, ddnss, linode, mailinabox, ovh, namecheap, azure, openstack-designate.
- More input fields and better documentation added for the DNS Provider API Keys.


Hi.

Is os-caddy working with Strato (DYNDNS) ?

Here are the currently supported ones.

https://github.com/opnsense/plugins/issues/3872

Ionos is in there, it's kinda the same company as Strato. But there is no explicit Strato provider upstream in the caddy-dns packages.
Hardware:
DEC740