Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS

Started by Monviech (Cedrik), February 09, 2024, 01:31:44 PM

Well, think about it for a second: how should the proxy receive the traffic if the firewall blocks it beforehand?
Hardware:
DEC740

I understand that, but I thought Caddy was listening on 80 and 443 and sending proxied UDP data from the specified port to the specified local IP/port, like it's doing with the basic reverse proxy.

Is there any advantage of using L4 if you're still opening the game server ports?

A remote client would contact the 2000 something port though, not 80 or 443.

The L4 module is for when you want to load balance or multiplex, or want to transform IPv6 on the outside to IPv4 on the inside. Advanced use cases, not just a simple port forward.
Hardware:
DEC740

Question from a now slightly confused newb!

Using the example for "HTTP Access List" in the guide, I get:


'''''''''''''''
@8a04f2f0-6d29-4e1b-831f-0ee048e5d83d_examplesite {
	not client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
}
handle @8a04f2f0-6d29-4e1b-831f-0ee048e5d83d_examplesite {
	abort
}
'''''''''''''''

Ticking the "Invert List" in the Access list I get:

'''''''''''''''
@8a04f2f0-6d29-4e1b-831f-0ee048e5d83d_examplesite {
	client_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
}
'''''''''''''''

Shouldn't it be the other way around? Or is it just the help text being wrong?


opnsense 25.7.6 / os_caddy 2.0.4_1 

The logic should be okay; it was implemented quite a while ago here:

https://github.com/opnsense/plugins/pull/4245

If you tested it and it doesn't work, we can revisit it. Though the original requesters in the linked issue confirmed it, and in my tests it worked as intended.

Hardware:
DEC740

I'm still struggling...

If the "Access List" in the GUI is an ALLOW_LIST and I get "not allowed" in the conf file, that seems wrong!
Vice versa, ticking "Invert List" gives me "allowed" in the conf file?

Help Text for "Invert List" is:
Quote: "If checked, the access list logic will be inverted (i.e., the listed IPs will be blocked instead of allowed)."

Anyway, it works perfectly if I do tick the "Invert List" box. It just took me a while to find that!
Not a big issue, just wanted to know if it's me being dumb !-) again...

Access List: 192.168.1.1


Normal:

If it is /not/ 192.168.1.1, abort.

(meaning 8.8.8.8 will be aborted, 192.168.1.1 will be allowed)

When inverting:

If it is 192.168.1.1, abort.

(meaning 8.8.8.8 will be allowed, 192.168.1.1 will be aborted)

As you can see, the inversion is not what you assume when looking at the Caddyfile; it's a logical construct.

Hardware:
DEC740
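The allow/abort logic explained in the post above, modelled as a small Python script so the effect of "Invert List" can be checked against a client address before the Caddyfile goes live. This is an added example, not code from the os_caddy plugin; the matcher name and the sample addresses (8.8.8.8, 192.168.1.1) are taken from the thread, and the rendered snippet only mimics the plugin's output format.

```python
# Added example (not os_caddy plugin code): models the Caddyfile access-list
# logic discussed above so the "Invert List" effect can be checked offline.
import ipaddress
from typing import Iterable, Dict


def render_access_list(matcher: str, cidrs: Iterable[str], invert: bool) -> str:
    """Render a named matcher plus handle block in the shape the plugin emits.

    Normal (allow list): abort when the client IP is NOT in the list.
    Inverted (block list): abort when the client IP IS in the list.
    """
    nets = " ".join(cidrs)
    matcher_line = f"client_ip {nets}" if invert else f"not client_ip {nets}"
    return (
        f"@{matcher} {{\n\t{matcher_line}\n}}\n"
        f"handle @{matcher} {{\n\tabort\n}}\n"
    )


def is_allowed(client_ip: str, cidrs: Iterable[str], invert: bool) -> bool:
    """Evaluate the same matcher: False means the request would hit 'abort'.

    Note: Caddy's client_ip matcher honours trusted_proxies (X-Forwarded-For
    from trusted hops); remote_ip does not. This model ignores that and
    evaluates the address you pass in directly.
    """
    ip = ipaddress.ip_address(client_ip)
    # A bare address such as 192.168.1.1 is treated as a /32 (or /128) network.
    listed = any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)
    # normal:   abort if not listed  -> allowed == listed
    # inverted: abort if listed      -> allowed == not listed
    return listed != invert


def decision_table(cidrs: Iterable[str], probes: Iterable[str]) -> Dict[str, Dict[str, bool]]:
    """Allowed/aborted outcome for each probe address, normal vs inverted."""
    cidrs = list(cidrs)
    return {
        ip: {"normal": is_allowed(ip, cidrs, False), "inverted": is_allowed(ip, cidrs, True)}
        for ip in probes
    }


if __name__ == "__main__":
    # Constructed sample: the thread's access list with the two probe addresses.
    acl = ["192.168.1.1"]
    print(render_access_list("examplesite", acl, invert=False))
    for ip, outcome in decision_table(acl, ["8.8.8.8", "192.168.1.1"]).items():
        print(ip, outcome)
```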