Tutorial 2024/06: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating

Started by TheHellSite, May 31, 2021, 01:06:11 PM

Hi, my setup is an Odroid with OPNsense and Docker containers running on a Synology NAS behind the OPNsense box. I have set up a reverse proxy using this guide and everything works just fine on my PC; I can access my containers through the reverse proxy (using synology.me).

However, I can't access any reverse proxies on phones (tried on both Android and iPhone). I can't find any help anywhere in any forum. Any chance anyone could guide me?

Please let me know if it helps if I upload any configuration.

Thanks in advance!

BR,
Andreas

Has anyone using this setup started to see failures in the LE cert renewals via DNS?

Looks like starting two weeks ago I started getting failures on all my ACME renewals that have been working for a year or more. I am not in a place right now to share log info, but what I was seeing from debug log level 2 is that the TXT record is set, but when ACME checks it against LE it says the TXT record is not the expected one.

I'll drop more later.

On multiple occasions I've been observing that even though a certificate has been renewed, the previous version is still being served.
I then manually trigger the HAProxy restart action directly from the "Run automations" symbol under Services > ACME Client > Certificates > Certificate Entry > Commands.
The certificate being served then becomes correct, but some time later I get the old one back.

I now find 2 certificates listed as "Update Certificates" under Services > HAProxy > Maintenance > SSL Certificates.
There is an entry for 1_HTTPS_frontend, and on that line under Commands an "Apply Changes" icon is available.
Clicking that and confirming the operation also gets rid of the use of the old certificate. Hopefully this stays permanent; now I only need to find a way to automate this after a certificate renewal, as restarting HAProxy does not seem to permanently affect this.

EDIT:
It is possible to create another automation (Services > ACME Client > Automations) for this. When selecting "System or Plugin Command" under "Run command", "Sync SSL certificate changes into running HAProxy service" can be selected as a system command. I think this is the permanent fix.

EDIT2:
Tested the automation on a 2nd setup where 5 was shown under "Update certificates". Running the automations that now include the sync command made that go away ;-).
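Added example, not from the post above and not part of the OPNsense ACME client or HAProxy plugins: a small stdlib-only Python check for the symptom described, comparing the SHA-256 fingerprint of the leaf certificate a frontend actually serves with the first certificate block in the PEM file on disk. Host, port, SNI name and file path are command-line assumptions; the embedded PEM blocks are constructed stand-ins (arbitrary bytes in PEM framing, not real certificates) so the comparison logic can be exercised offline.

```python
"""Check whether the certificate a TLS endpoint actually serves matches the
certificate file on disk (e.g. the one the ACME client just renewed).

Added example; not part of the original post or of the OPNsense/HAProxy
plugins. Uses only the Python standard library.
"""
import hashlib
import socket
import ssl
import sys
from typing import Optional

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def first_cert_block(text: str) -> str:
    """Return the first CERTIFICATE block of a PEM file.

    HAProxy commonly loads a combined file (leaf, chain, private key), and
    ssl.PEM_cert_to_DER_cert() only accepts a single certificate block, so we
    cut out the leaf before fingerprinting it.
    """
    start = text.index(PEM_BEGIN)
    end = text.index(PEM_END, start) + len(PEM_END)
    return text[start:end] + "\n"


def sha256_fingerprint(pem: str) -> str:
    """SHA-256 fingerprint (hex) of the DER encoding inside a PEM block."""
    der = ssl.PEM_cert_to_DER_cert(first_cert_block(pem))
    return hashlib.sha256(der).hexdigest()


def fetch_served_pem(host: str, port: int = 443, sni: Optional[str] = None,
                     timeout: float = 5.0) -> str:
    """Fetch the leaf certificate presented by host:port for the given SNI name.

    Verification is disabled on purpose: we want to see whatever the proxy
    serves (stale, expired, wrong name), not fail on it.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni or host) as tls:
            der = tls.getpeercert(binary_form=True)
    return ssl.DER_cert_to_PEM_cert(der)


def served_matches_file(served_pem: str, file_pem: str) -> bool:
    """True when the served leaf and the on-disk leaf are byte-identical."""
    return sha256_fingerprint(served_pem) == sha256_fingerprint(file_pem)


# Constructed stand-ins so the comparison logic runs offline. These are NOT
# real certificates, just arbitrary bytes wrapped in PEM framing.
OLD_CERT_PEM = ssl.DER_cert_to_PEM_cert(b"constructed: certificate before renewal")
NEW_CERT_PEM = ssl.DER_cert_to_PEM_cert(b"constructed: certificate after renewal")
# A constructed combined file in the shape HAProxy uses: leaf followed by key.
SAMPLE_BUNDLE = NEW_CERT_PEM + "-----BEGIN PRIVATE KEY-----\nY29uc3RydWN0ZWQ=\n-----END PRIVATE KEY-----\n"


def main(argv) -> int:
    """Usage: HOST PORT CERT_FILE [SNI]  (paths and names are your own)."""
    if len(argv) < 4:
        print(main.__doc__)
        return 2
    host, port, path = argv[1], int(argv[2]), argv[3]
    sni = argv[4] if len(argv) > 4 else host
    with open(path, encoding="ascii") as fh:
        file_pem = fh.read()
    served = fetch_served_pem(host, port, sni)
    ok = served_matches_file(served, file_pem)
    print(f"served  {sha256_fingerprint(served)}")
    print(f"on disk {sha256_fingerprint(file_pem)}")
    print("OK: frontend serves the renewed certificate" if ok
          else "MISMATCH: frontend still serves a different certificate")
    return 0 if ok else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it after the renewal automation has fired, passing the frontend's address and the renewed PEM file; a non-zero exit means the running HAProxy has not picked up the new file, which is the condition the "Sync SSL certificate changes into running HAProxy service" command is meant to clear. Pass the SNI name explicitly when the frontend holds several certificates, since the proxy picks the leaf by SNI.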

Quote from: Patrick M. Hausen on December 15, 2024, 10:23:07 PM
But you might be able to pull some tricks with inbound NAT port forwarding etc.

In case someone wonders: it works pretty well with a self-signed cert for internal traffic and forwarding the needed ports to Jitsi.