Topic: Traefik on OPNSense forwarding to internal hosts (Read 489 times)
bobpaul (Newbie, Posts: 12, Karma: 4)
« on: May 10, 2024, 11:20:49 pm »
Current Setup, without Traefik plug
My current setup is pretty standard. I have 80 and 443 forwarded to an internal host. On that host I run traefik and some docker containers.
80 -> internalhost1:80
443 -> internalhost1:443
But I'd like to add a second internal host, also running some services. And I'd like to do this without running either on non-standard ports.
Desired setup, with os-traefik-maxit
I've installed traefik from mimugmail's repo. I was planning something like this:
http://(.*) -> https://(.*)
https://newservice.example.com -> https://internalhost2/
https://oldservice1.example.com -> https://internalhost1/
https://oldservice2.example.com -> https://internalhost1/
https://oldservice3.example.com -> https://internalhost1/
I wonder if anyone has set up something similar. I'm running into some roadblocks right out of the gate and I wonder if anyone has solved them or has suggestions.
1. Traefik entry points look like address = ":443", but that will conflict with the local opnsense webui. Is there some way to dynamically use the WAN ip address as the bind address in a configuration file like this? I don't think traefik allows selecting a bind adapter. I won't need traefik on OPNSense listening on any local IPs.
I guess one solution might be that I could have traefik listen on non-standard ports like 127.0.0.1:8443 and then use a port forwarding rule in the OPNSense firewall config.
2. One reason I like Traefik is because of how easy it is to manage TLS certificates. I use DNS challenge with Digital Ocean, but that requires that an environment variable DO_AUTH_TOKEN is set. I don't think traefik lets me put this in the traefik.toml file. Is there a way to set global environment variables on OPNsense so that a service like traefik will inherit that in its launch shell?
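The routing plan in the post above, written out as a Traefik v2/v3 configuration. This is an added example, not part of the original post and not the os-traefik-maxit plugin's own files. It relies on Traefik's entry point address format `[host]:port`, and assumes the OPNsense web GUI is not listening on the WAN address; the IP, e-mail, file paths and router/service names are placeholders.

```toml
# ---- Static configuration: traefik.toml ----
# 203.0.113.10 is a placeholder for the WAN address. Binding to it
# (instead of ":443") keeps Traefik off every LAN and loopback address.
[entryPoints.web]
  address = "203.0.113.10:80"
  [entryPoints.web.http.redirections.entryPoint]
    to = "websecure"      # http://(.*) -> https://(.*)
    scheme = "https"

[entryPoints.websecure]
  address = "203.0.113.10:443"

[certificatesResolvers.le.acme]
  email = "admin@example.com"                      # placeholder
  # Hypothetical path. The file holds the ACME account and certificate
  # private keys; Traefik requires it to be mode 600.
  storage = "/usr/local/etc/traefik/acme.json"
  [certificatesResolvers.le.acme.dnsChallenge]
    # The API token is not stored here: it is read from DO_AUTH_TOKEN
    # in the environment of the Traefik process.
    provider = "digitalocean"

[providers.file]
  filename = "/usr/local/etc/traefik/dynamic.toml"  # hypothetical path

# ---- Dynamic configuration: dynamic.toml (separate file) ----
[http.routers.new]
  rule = "Host(`newservice.example.com`)"
  entryPoints = ["websecure"]
  service = "host2"
  [http.routers.new.tls]
    certResolver = "le"

[http.routers.old]
  rule = "Host(`oldservice1.example.com`) || Host(`oldservice2.example.com`) || Host(`oldservice3.example.com`)"
  entryPoints = ["websecure"]
  service = "host1"
  [http.routers.old.tls]
    certResolver = "le"

# Backends are reached over HTTPS, so each must present a certificate
# that Traefik trusts for the host name used in its URL.
[[http.services.host1.loadBalancer.servers]]
  url = "https://internalhost1/"
[[http.services.host2.loadBalancer.servers]]
  url = "https://internalhost2/"
```

A hard-coded bind address only suits a static WAN IP; with a dynamic address, the post's alternative of listening on a loopback port and port-forwarding to it avoids the problem.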
Monviech (Hero Member, Posts: 946, Karma: 100)
Re: Traefik on OPNSense forwarding to internal hosts
« Reply #1 on: May 11, 2024, 07:42:00 am »
Why not use Caddy instead? It also has the DigitalOcean Provider built right into the GUI.
https://docs.opnsense.org/manual/how-tos/caddy.html
Reverse Proxy with automatic HTTPS and Dynamic Dns
os-caddy, Tutorial, Docs
Hardware: DEC740
bobpaul (Newbie, Posts: 12, Karma: 4)
Re: Traefik on OPNSense forwarding to internal hosts
« Reply #2 on: May 17, 2024, 03:46:15 pm »
Thanks, I'll try that. Traefik seemed nice since I'm already using it on other systems. I guess I searched for "traefik on opnsense" and I should have just searched for reverse proxy options...
I see that HAProxy is also an option and uses the os-acme-client, which I already use.
Monviech (Hero Member, Posts: 946, Karma: 100)
Re: Traefik on OPNSense forwarding to internal hosts
« Reply #3 on: May 18, 2024, 09:51:16 am »
Yeah, there are a lot of options. os-opnwaf (opnsense business edition), os-nginx, os-haproxy, and the latest is os-caddy.
os-caddy and os-opnwaf do the certificate management automatically without the ACME Client plugin.