Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
NGINX + LetsEncrypt(ACME) Plugin help
« previous
next »
Print
Pages: [
1
]
Author
Topic: NGINX + LetsEncrypt(ACME) Plugin help (Read 1390 times)
seion
Newbie
Posts: 9
Karma: 0
NGINX + LetsEncrypt(ACME) Plugin help
«
on:
September 01, 2023, 08:08:47 pm »
So the jist of what I am trying to do is setup the OPNSense NGINX plugin as a reverse proxy so that I can forward all my subdomains to the correct ip/port, all over HTTPS.
I setup the ACME plugin and have that working fine with letsencrypt and cloudflare.
I turned on the WAP stuff.
I setup a upsteam server / upstream / location / http server and when I try to navigate to the subdomain I get this.
Upstream Server
Upstream
Location
- URL Pattern = /
- Enable Security Rules = Checked
- Upstream Servers = SeionServer NodeRed
- Force HTTPS = Checked
HTTP Server
- HTTP Listen Address = 80,[::]:80
- HTTPS Listen Address = 443,[::]:443
- Server Name = {MySubdomain.domain here}
- Locations = NodeRed Location (Location above)
- TLS Certificate = mysubdomain.doman (ACME Client)
- Client CA Certificate = R3 (ACME Client)
- HTTPS Only = Checked
Cloudflare has SSL Strict Mode on and Proxy "Cloud" off
I put the ACME Client Cert and Key on the upstream server and told nodered to use them also.
I need to know how to do this properly because I have a bunch of services running on the upstream server on different ports.
I had NGINX running on the upstream server just fine doing reverse proxy, so trying to transfer that config to the OPNSense NGINX Proxy Plugin.
«
Last Edit: September 01, 2023, 08:10:31 pm by seion
»
Logged
seion
Newbie
Posts: 9
Karma: 0
Re: NGINX + LetsEncrypt(ACME) Plugin help
«
Reply #1 on:
September 01, 2023, 08:14:56 pm »
One additional note, if I do a TCPDUMP of that port on the upstream server, I see traffic when I attempt to go to the subdomain.
also the HTTP Access logs give a 502 status code
Logged
Fright
Hero Member
Posts: 1777
Karma: 164
Re: NGINX + LetsEncrypt(ACME) Plugin help
«
Reply #2 on:
September 02, 2023, 07:33:14 pm »
nginx and backend error logs may give more info but i would start by enabling SNI in Location settings (TLS SNI Forwarding checkbox in Advanced settings) and setting sni name in Upstream settings (TLS: Servername override), so the Upstream knows what vhost is requested and what cert to use
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
23.7 Legacy Series
»
NGINX + LetsEncrypt(ACME) Plugin help