# network interface settings; autogenerated# Please do NOT modify this file directly, unless you know what# you're doing.## If you want to manage parts of the network configuration manually,# please utilize the 'source' or 'source-directory' directives to do# so.# PVE will preserve these directives, but will NOT read its network# configuration from sourced files, so do not attempt to move any of# the PVE managed interfaces into external files!auto loiface lo inet loopbackiface lo inet6 loopbackauto eth0iface eth0 inet manualiface eth0 inet6 manualauto vmbr0iface vmbr0 inet static address x.y.z.86/32 gateway x.y.z.65 bridge-ports eth0 bridge-stp off bridge-fd 0 bridge-mcsnoop 0 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp post-up echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding #up ip route add x.y.z.76/32 dev vmbr0 #up ip route add x.y.z.77/32 dev vmbr0#Proxmox WAN Bridgeiface vmbr0 inet6 static address 2a01:x:y:z:5423::15/80 address 2a01:x:y:z:87::2/80 address 2a01:x:y:z:88::2/80 address 2a01:x:y:z:89::2/80 address 2a01:x:y:z:172::2/80 gateway fe80::1 post-up ip -6 route add 2a01:x:y:f600::/64 via 2a01:x:y:z:172::1auto vmbr1iface vmbr1 inet static address 192.168.123.2/24 bridge-ports none bridge-stp off bridge-fd 0 bridge-mcsnoop 0 post-up ip route add 192.168.0.0/16 via 192.168.123.1 dev vmbr1#LAN bridgeiface vmbr1 inet6 staticsource /etc/network/interfaces.d/*
Today I took the opportunity to try out Caddy reverse proxy instead of HAproxy, mostly because of a very specific problem with HAproxy...I must say I reverted after trying it thoroughly. My 2cents on this are as follows:- Caddy is suited to home setups and inexperienced users. HAproxy is much more complex.- For example, the certificate setup is much easier, because you just have to specify the domain and it just works (tm).- However, if you have more than just one domain, Caddy setup gets a little tedious:* you have to create one domain/certificate plus a http backend for any domain, which includes creating different ones for www.domain.de and domain.de. You cannot combine certificates for multiple domains unless they are subdomains.* You do not have much control over what type of certificate(s) are created - you cannot specifiy strength or ECC vs. RSA (much less both) and I have not found a means to control if ZeroSSL vs. LetsEncrypt is used.* The ciphers being employed cannot be controlled easily - or, for TLS 1.3, at all. That results in an ssllabs.com score which is suboptimal, becaus 128bit ciphers are allowed. This cannot be changed because of Go limitations.* You cannot use more than one type of DNS-01 verification if you use wildcard domains.* The Auto HTTPS feature looks nice first, but indeed it uses a 308 instead of a 301 code, which breaks some monitoring and can only be modified via custom include files.So, if you just want to reverse-proxy some services in your home network, go with Caddy. For an OpnSense guarding your internet site with several services/domains, stay with HAproxy.