Topic: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS (Read 4597 times)
Monviech (Hero Member, Posts: 890, Karma: 93)
Reply #15 on: March 29, 2024, 06:12:19 am
Glad you could find the option you need. I think the ACME Plugin and Caddy can run at the same time and issue certificates too, I don't think there are regressions, but I don't know.
It's interesting to use the built-in certificate generation of Caddy because it also does automatic OCSP stapling.
Also, make sure you create an automation that restarts Caddy when the Let's Encrypt certificates are renewed by the ACME Plugin if you continue using it. Otherwise the certs won't be reloaded if they're reissued.
I'll check if I can create a pull request to add that as automation like nginx and haproxy.
EDIT: https://github.com/opnsense/plugins/pull/3877
Last Edit: March 29, 2024, 10:19:38 am by Monviech
Reverse Proxy with automatic HTTPS and Dynamic Dns
os-caddy, Tutorial, Docs
Hardware: DEC740
bucky2780 (Newbie, Posts: 26, Karma: 2)
Reply #16 on: March 30, 2024, 04:59:16 am
Thanks Monviech... I gave Caddy another try... I currently run HAProxy, but don't really need load balancing for the home network, Caddy is simpler.
My results were uneven... thus far. Here is what I did....
- Turned off DDNS as relying on OPNsense for that
- Gave the domain a custom cert located in the OPNsense trust store.
- Gave the domain a custom port of 30000, as HAProxy is currently binding to 443 and 80.
- With this approach, Caddy does not terminate the connection. Seems to work however if I give it default 443
- Further to this... I disabled HAProxy, and enabled Caddy
- Created a brand new domain and OPNsense LE cert.
- Bound Caddy to 443 and seemed to work ok
- Home Assistant loaded fine, the backend is unencrypted
- When backend was encrypted however, I checked the TLS box for the backend, but alas failed to certify
- This was the OPNsense GUI... which I put on a different port (41443)
- GUI failed to load.
- Similar approach seems to work in HAProxy... where you check TLS but don't bother to certify.
I will try again in a few days... to see if I can work around some of these things...
best regards,
Monviech (Hero Member, Posts: 890, Karma: 93)
Reply #17 on: March 30, 2024, 06:20:19 am
Caddy has port 80 and 443 as a requirement for itself. Running it at the same time as other services that use them is not supported.
When using the built-in certificate generation, any port on the domain works, even ports like 30000 etc. I know that because a small project uses this plugin where they have the same domain from 30000 to 30050 listening on the front end, reverse proxying each port to a different handler. (Reverse proxying a lot of Stable Diffusion instances for the API.)
For the "check a box that just skips TLS verification" there is a new feature for that coming in the next version that allows that.
Otherwise the docs have examples of how it works with the OPNsense GUI right now.
Thanks for trying the plugin. ^^
Last Edit: March 30, 2024, 06:24:52 am by Monviech
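
Added example, not part of the original posts and not output of the os-caddy plugin: a raw Caddyfile sketch of the two ways to reach a TLS backend discussed in Replies #16 and #17, skipping verification versus pinning the backend's CA. The site names, the 192.0.2.1 address, the CA path and the server name are placeholders; only port 41443 comes from the thread.

```caddyfile
# Constructed example: hostnames, address and file path are placeholders.

# Weak: the hop to the backend is encrypted, but the backend certificate
# is never checked, so whatever answers on 192.0.2.1:41443 is accepted.
gui-noverify.example.com {
	reverse_proxy https://192.0.2.1:41443 {
		transport http {
			tls_insecure_skip_verify
		}
	}
}

# Stricter: trust only the CA that signed the backend certificate and
# require the certificate to be valid for the expected name.
gui.example.com {
	reverse_proxy https://192.0.2.1:41443 {
		transport http {
			tls_trusted_ca_certs /path/to/backend-ca.pem
			tls_server_name opnsense.internal.example
		}
	}
}
```

With the second form the backend certificate must carry the name given in tls_server_name, otherwise the handshake fails and Caddy returns a 502 instead of proxying.
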
pieter123 (Newbie, Posts: 2, Karma: 0)
Reply #18 on: March 31, 2024, 05:55:34 pm
Hi,
I would like to install this plugin but can't find it in the Plugins list under firmware.
OPNsense version 24.1.b_130
Any suggestions?
Thanks!
Patrick M. Hausen (Hero Member, Posts: 4956, Karma: 419)
Reply #19 on: March 31, 2024, 06:17:59 pm
It's in 24.1.4
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
pieter123 (Newbie, Posts: 2, Karma: 0)
Reply #20 on: March 31, 2024, 08:16:59 pm
Quote from: Patrick M. Hausen on March 31, 2024, 06:17:59 pm
It's in 24.1.4
Got it, thanks!