Topic: Unable to externally resolve Traefik frontend domains via 443 (Read 2586 times)
zzwdup
April 27, 2020, 04:45:04 am
Hi All,
First-time user of OPNsense, and while I've used a few Linux firewall distros before, none of them compare to the features/learnings of OPNsense. So please keep that in mind.
I have everything set up and running OK, with the only challenge of not being able to resolve HTTPS externally when pushing it to an internal server running Traefik with Let's Encrypt.
My Setup
OPNsense:
LAN: 10.0.0.1
WAN: DHCP from cable modem (GC Nat disabled)
10.0.0.10: Linux server with Docker / Traefik container (bound / accepting on 443)
Traefik is updating my DNS records (DuckDNS) if the IP changes on the WAN port (I have temporarily enabled a static IP from the ISP while troubleshooting this issue)
Change WebUI port to 444
System -> Settings -> Administration:
HTTPS port changed to 444
Anti lock rule is showing 80,444
Firewall -> Settings -> Advanced:
Reflection for port forwards: Enabled
Reflection for 1:1: Disabled
Automatic outbound NAT for Reflection: Enabled
Disable reply-to: Enabled
Firewall -> NAT - Port Forwarding
WAN->TCP->* * -> WAN address -> 443 -> 10.0.0.10 -> 443
Firewall -> Rules -> WAN
IPv4-> * * -> 10.0.0.10 -> 443 -> * *
*** restarted server to confirm configuration has held ***
Internally the Traefik frontend domains resolve on 443 without any issues. (app.subdomain.duckdns.org)
I can also remove the complete OPNsense setup and default back to my ISP router with 443 forwarded to the Linux server and everything works. So I know it's a configuration issue / lack of understanding of how OPNsense is handling things.
I have other ports open using the exact same server (different services not using Traefik) and it resolves perfectly fine. I've also tested other services like FTP to my NAS (different IP) and they are working as intended.
I'm guessing my issue is Unbound DNS & Traefik not playing nicely? Does anyone have any ideas on what I can try next?
Thanks