
Author Topic: Let's Encrypt and haproxy  (Read 4095 times)

pingus

Let's Encrypt and haproxy
« on: February 07, 2017, 02:29:03 pm »
Hi

I'm testing OPNsense with haproxy and Let's Encrypt but it will not issue a certificate because the path is not found (http based).

It is not fully clear to me what Let's Encrypt is doing in http based issuing. Does it stop any web services on the firewall itself and then start its own webservice to provide the necessary web path? If so, does it also stop the haproxy or is this not necessary?

Or, does it need the web server the certificate is for? Makes no sense to me because OPNsense is not able to write into the backend webservers http directory.

Many thanks for the clarification.

dragon2611

Re: Let's Encrypt and haproxy
« Reply #1 on: February 07, 2017, 03:56:16 pm »
Either the challenge file needs to exist on the backend server, or HAProxy would need to divert the folder LE uses to another directory hosting the challenge response file.

franco

Re: Let's Encrypt and haproxy
« Reply #2 on: February 07, 2017, 04:23:01 pm »
Hi guys,

The author of the LE and HAproxy plugin was hard at work to provide full integration between both plugins (LE -> HAproxy really). It is scheduled for release with OPNsense 17.1.1 on Thursday.


Cheers,
Franco

fraenki

Re: Let's Encrypt and haproxy
« Reply #3 on: February 07, 2017, 04:40:35 pm »
I've added some screenshots to the PR to demonstrate the upcoming HAProxy integration:
https://github.com/opnsense/plugins/pull/71

When enabled it will automatically add the required configuration to HAProxy (backend, server and action/ACL for acme challenge detection/redirection) and restart HAProxy if required. (The acme challenges will be served by a tiny webserver running on OPNsense.)


Regards
- Frank
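
The routing described in this thread (an ACL that detects ACME challenge requests and sends them to a small local web server, while all other traffic goes to the normal backend) looks roughly like the following when written by hand. This is an added example, not part of the original posts and not the configuration the plugin generates; the frontend and backend names, the loopback port 8402 and the 192.0.2.10 address are constructed placeholders.

```haproxy
# Constructed example: names, port and addresses are assumptions.
frontend http_in
    bind :80
    mode http

    # Match only the HTTP-01 challenge path. Keeping the ACL this narrow
    # means no other request can reach the service on the firewall.
    acl is_acme_challenge path_beg /.well-known/acme-challenge/
    use_backend acme_challenge_backend if is_acme_challenge

    # Everything else continues to the real web servers.
    default_backend web_servers

backend acme_challenge_backend
    mode http
    # Local responder that serves the challenge token files. It listens
    # on loopback only, so it is reachable solely through this frontend.
    server acme_local 127.0.0.1:8402

backend web_servers
    mode http
    server web1 192.0.2.10:80 check
```

With this split the backend web servers never need to hold the challenge file, which answers the original question about OPNsense not being able to write into their HTTP directories.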

pingus

Re: Let's Encrypt and haproxy
« Reply #4 on: February 07, 2017, 08:19:23 pm »
Wow, what a great community and fast developers! I guess I should stay with OPNsense :D ;)