Topic: Help appreciated -- Totally stuck with LetsEncrypt and HA Proxy (Read 628 times)
mzurhorst
« on: August 29, 2022, 05:54:29 pm »
Hi all,
I have been trying for weeks to get LetsEncrypt working for my home network and a machine accessible behind my firewall. I am totally lost now and getting frustrated after following dozens of tutorials.
I would really appreciate it if somebody could give me a hint and toss me in the right direction.
What I have:
1) OPNsense connected to my carrier with a dynamic IPv4
2) Set up a DuckDNS account; this gets updated every night
3) I have a domain and created a subdomain (baerl.die-zurhorsts.de) with a CNAME record pointing to DuckDNS. This works as well.
Now to the mess internally:
1) I am unsure about the correct naming of my (virtual) machines in my home network.
I tried it with fake domains as well as correct FQDNs:
testweb.zurhorst.baerl
testweb.baerl.die-zurhorsts.de
2) I started with the fake domain (zurhorst.baerl), transitioned to the subdomain (baerl.die-zurhorsts.de) and changed back to the zurhorst.baerl thing.
3) At least HA Proxy is working on Port 80. And there is also a certificate created, but this is not used. (https://testweb.baerl.die-zurhorsts.de/ is pointing to the same web server.) How the hell does the LE certificate get onto the webserver??? -- Is this a manual step, or is this automated behind the scenes?
What is my goal:
Simply put, I would like to have all communication between my servers secured with LE certificates.
But it starts with the appropriate naming "strategy", which then impacts the LE challenge types, etc.
And if possible, I would actually prefer my "fake domain" naming for the local domain (zurhorst.baerl), since this is shorter. All external stuff shall be routed through HA Proxy.
Finally, it would be great if my OPNsense could stay on its default port internally (https://opnsense.zurhorst.baerl (:443)), without being accessible from the Internet.
I have the feeling that every single tutorial is lacking a tiny piece of information.
Hints are really welcome!
Thank you in advance,
Marcus
« Last Edit: August 29, 2022, 06:08:05 pm by mzurhorst »