Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Help appreciated -- Totally stuck with LetsEncrypt and HA Proxy
« previous
next »
Print
Pages: [
1
]
Author
Topic: Help appreciated -- Totally stuck with LetsEncrypt and HA Proxy (Read 627 times)
mzurhorst
Newbie
Posts: 31
Karma: 0
Help appreciated -- Totally stuck with LetsEncrypt and HA Proxy
«
on:
August 29, 2022, 05:54:29 pm »
Hi all,
I am trying since weeks to get my LetsEncrypt working for my home network and a machine accessible behind my firewall. I am totally lost now getting frustrated after following dozens of tutorials.
I would really appreciate when somebody could give me a hint and toss me into the right direction.
What I have:
1) OPNsense connect to my carrier with a dynamic IPv4
2) set up DuckDNS account; this gets updated every night
3) I have a domain and created a subdomain (baerl.die-zurhorsts.de) with a CNAME record pointing to DuckDNS. this works as well
Now to the mess internally:
1) I am unsure about the correct naming of my (virtual) machines in my home network.
I tried it with fake domains as well as correct FQDNs:
testweb.zurhorst.baerl
testweb.baerl.die-zurhorsts.de
2) I started with the fake domain (zurhorst.baerl), transitioned to the subdomain (baerl.die-zurhorsts.de) and changed back to the zurhorst.baerl thing.
3) At least HA Proxy is working on Port 80. And there is also a certificate created, but this is not used. (
https://testweb.baerl.die-zurhorsts.de/
is pointing to the same web server. How the hell does the LE certificate get onto the webserver??? -- Is this a manual step, or is this automated behind the scenes?
What is my goal:
Simply spoken, I would like to have all communication between my servers secured with LE certificates.
But it starts with the appropriate naming "strategy", which then impacts the LE challenge types, etc.
And if possible, I would actually prefer my "fake domain" naming for the local domain (zurhorst.baerl), since this is shorter. All external stuff shall be routed through HA Proxy.
finally, it would be great when my OPNsense could stay on its default port internally (
https://opnsense.zurhorst.baerl
(:443), without being accessible from the Internet
I have the feeling that every single tutorial is lacking a tiny piece of information.
Hints are really welcome!
Thank you in advance,
Marcus
«
Last Edit: August 29, 2022, 06:08:05 pm by mzurhorst
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Help appreciated -- Totally stuck with LetsEncrypt and HA Proxy