jasvids.blogg.se

Opnsense letsencrypt











When I started implementing HAProxy in my network I couldn't find any complete and well written guide out there. I had to puzzle everything together from various websites. So I thought I would save many of you a lot of time and provide my ultimate HAProxy on OPNsense guide. This tutorial will show you how to configure HAProxy as a reverse proxy on OPNsense using wildcard certificates from Let's Encrypt. It is going to be a step-by-step guide with images on how to set things up while also explaining why we set things up in a certain way. I will try to make this as complete and detailed as possible. If you think that there is anything wrong or missing, feel free to tell me about it and I will consider changing it. If this guide was helpful to you then please leave me a thanks down below as it took me several days to write this down.

From now on I will no longer provide support to people asking for help without giving any additional information about their setup.

- ALWAYS include the HAProxy Config Export.
- ALWAYS include relevant HAProxy errors and/or log entries.
- ALWAYS include details about your setup, your goal, the service.

This configuration is tested to be working on OPNsense 23.1.x (OpenSSL flavour) with latest updates as of 20230223.

- The tutorial is now using a wildcard CNAME record.
- Enabled Proxy Protocol in the "SSL_backend", "HTTPS_frontend" and "HTTP_frontend" configuration so that the IPs of clients accessing HAProxy will now no longer be overwritten with the "SSL_server" IP.
- Added an alias for the HAProxy ports and updated the WAN interface firewall rule with it. This leaves us with only one firewall rule instead of two and makes even more sense if one is using additional frontends on different ports.
- The tutorial is now using a map file instead of "condition + rule" for service configuration.
- Added an explanation on how to configure local-access-only subdomains in HAProxy.
- Added an explanation about using self-signed certificates for internal communication to the FAQ.
- Updated the Let's Encrypt part since the service has been renamed to ACME client.
- Updated the Let's Encrypt part because of changes to the wildcard certificate generation.
- Updated the DynDNS part to use the newer "Dynamic DNS Client" (os-ddclient) plugin. The previous "Dynamic DNS Support" (os-dyndns) plugin will be removed with the release of OPNsense 22.7.x.
- Changed the IP address of the "SSL_server" to one that belongs to the localhost subnet.
- Updated the "NoSSL_condition" based on the HAProxy docs.
- Current Ciphers and Cipher Suites for a 100% A+ rating at SSLLabs.
- Added Part 8 to hide the certificate on access by IP.












