Topic: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS (Read 31982 times)
Monviech
Hero Member
Posts: 1435
Karma: 164
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #165 on:
October 01, 2024, 06:18:32 am »
No, the GUI only allows the same port to be used on all backend web servers in the same load-balancing group.
What's the use case for different ports there?
Since all web servers that load balance should be configured the same way, why serve them on different ports?
«
Last Edit: October 01, 2024, 06:21:47 am by Monviech
»
Logged
Hardware:
DEC740
DivHunter
Newbie
Posts: 3
Karma: 0
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #166 on:
October 01, 2024, 06:34:26 am »
Multiple instances per machine/GPU for the service.
Looking at the Caddy config, I did wonder why it was not just one field with ip:port entries, so you could do any combination as you can in the config itself.
Logged
Monviech
Hero Member
Posts: 1435
Karma: 164
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #167 on:
October 01, 2024, 06:41:43 am »
It has grown historically while building the plugin, and now it's hard to change it without breaking existing setups.
It's one of these things.
There are some validations attached to the port field too, since when you change to the www user it gets validated extensively.
I'm sure it could all be somehow resolved with migrations and different field types, but the use case is very small, so somebody who needs it would have to invest time there.
«
Last Edit: October 01, 2024, 06:44:37 am by Monviech
»
Logged
Hardware:
DEC740
DivHunter
Newbie
Posts: 3
Karma: 0
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #168 on:
October 01, 2024, 07:04:26 am »
Is what it is, I'll just use something else for now.
It's a pain when you have things tied up in validation and existing configs.
It's very cool to have the additional functions of Caddy available on OPNsense.
Logged
Monviech
Hero Member
Posts: 1435
Karma: 164
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #169 on:
October 01, 2024, 07:19:48 am »
Well, you could work around it by having multiple virtual IPs on that host and binding one GPU instance per virtual IP on the same port for each. Then each socket on the same host would also be unique even with the same port.
But yeah, this won't be resolved anytime soon.
Or write your own config file for that one use case. You can still use the GUI for all other things.
https://docs.opnsense.org/manual/how-tos/caddy.html#custom-configuration-files
«
Last Edit: October 01, 2024, 07:22:42 am by Monviech
»
Logged
Hardware:
DEC740
Gautier
Newbie
Posts: 4
Karma: 0
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #170 on:
October 11, 2024, 09:48:21 am »
Hi,
I installed Caddy and configured it following the tutorial, but I get an error:
"error","ts":"2024-10-11T07:26:56Z","logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"toto.pequod.sokil.fr","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:connection - 89.219.181.98: Timeout during connect (likely firewall problem)"}
I really don't know where to start.
I also installed Caddy on FreeBSD and Debian to test, with the same error.
I have another site with OPNsense and Caddy on Debian behind it without error. I am missing something, but what?
Logged
Monviech
Hero Member
Posts: 1435
Karma: 164
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #171 on:
October 11, 2024, 09:51:57 am »
Well, I get no connection to your IP either. So it's either a firewall problem or the IP is a CGNAT IP; you have to troubleshoot that with curl, for example:
curl -v 89.219.181.98
* Trying 89.219.181.98:80...
^C
curl -v 89.219.181.98:443
* Trying 89.219.181.98:443...
^C
See, there's nothing, no response. So Let's Encrypt cannot connect either.
Logged
Hardware:
DEC740
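A triage helper for the exchange above, added here as an example; it is not part of any forum post or of the OPNsense plugin, and the function names are hypothetical. It separates the two causes named in the reply: a WAN address in the CGNAT or private ranges (port forwards cannot work) versus a connect timeout or refusal seen from outside, using curl's exit codes 6, 7 and 28. Run `probe_port` from a host outside your own network.

```shell
#!/bin/sh
# Added example: triage for the ACME "Timeout during connect" error.

# Classify the IPv4 address shown on the OPNsense WAN interface.
# If it is not public, inbound 80/443 never reaches the firewall.
classify_wan_ip() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into octets
    IFS=$old_ifs
    a=$1; b=$2
    if [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then
        echo cgnat                 # 100.64.0.0/10, RFC 6598 carrier-grade NAT
    elif [ "$a" -eq 10 ] || { [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; } \
         || { [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; }; then
        echo private               # RFC 1918, double NAT behind another router
    else
        echo public
    fi
}

# Translate a curl exit code into what it says about the path to Caddy.
explain_curl_exit() {
    case "$1" in
        6)  echo "dns: the name does not resolve" ;;
        7)  echo "refused: packets arrive, but nothing listens or a rule rejects" ;;
        28) echo "timeout: packets are dropped (WAN rule, CGNAT or ISP filter)" ;;
        *)  echo "connected: TCP handshake completed (curl exit $1)" ;;
    esac
}

# Probe one port with a bounded connect time instead of waiting for ^C.
# Plain HTTP is enough: only the TCP handshake matters here.
probe_port() {                     # usage: probe_port HOST PORT
    curl -s -o /dev/null --connect-timeout 5 "http://$1:$2/"
    explain_curl_exit $?
}

# Stand-alone use: sh triage.sh HOST PORT
if [ $# -eq 2 ]; then
    probe_port "$1" "$2"
fi
```

A `timeout` result on both 80 and 443 matches the Let's Encrypt error text; `refused` instead points at a rule that rejects or at Caddy not listening.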
Gautier
Newbie
Posts: 4
Karma: 0
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #172 on:
October 11, 2024, 11:21:48 am »
https://imgur.com/a/y2YyIJN
I created a NAT port forward directly to my server on port 80 and everything works.
If I forward 443 to 80, can that be considered a good test to check whether the ISP blocks something?
https://imgur.com/n3XyyQt
I reach the web server.
«
Last Edit: October 11, 2024, 11:29:48 am by Gautier
»
Logged
Monviech
Hero Member
Posts: 1435
Karma: 164
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #173 on:
October 11, 2024, 02:12:08 pm »
Maybe the "This Firewall" alias does not work for you for some reason.
Try to disable the port forward rule.
Set the rules on WAN to "WAN address" instead.
Logged
Hardware:
DEC740
Baender
Full Member
Posts: 103
Karma: 4
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #174 on:
October 11, 2024, 02:20:32 pm »
I have a similar problem. From time to time, my domains are not reachable. I restricted them to the LAN network. Some services and my vacuum robot. The only thing that helps is to perform a restart of OPNsense and to get a new IP and new records for the domains. A restart of Caddy won't work. The services are reachable by their IP when the problem occurs.
Would it help to set Caddy to debug and send the log from the beginning, when it's working, until the moment it fails? It could be a lot of log data, because I don't know when it will happen. Moreover, I think that this is related to a problem with IPv6 prefix delegation. In general, would it be a good idea to combine the Caddy logs with the logs of the OPNsense system? Is this only possible manually?
Logged
Monviech
Hero Member
Posts: 1435
Karma: 164
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #175 on:
October 11, 2024, 02:37:44 pm »
I do think such a problem is out of scope for me to troubleshoot. Sorry.
Logged
Hardware:
DEC740
Gautier
Newbie
Posts: 4
Karma: 0
Re: Tutorial: Caddy (Reverse Proxy) + Let's Encrypt Certificates + Dynamic DNS
«
Reply #176 on:
October 11, 2024, 04:12:15 pm »
I agree with you, it's a firewall config problem, but which checkbox?
I continue to search.
Logged