I finally took the time to set up a proxy so the site could appear “proper” from the WAN. HAProxy + OPNsense was the route I took since I already had an OPNsense instance running. Some things to note for anyone paying attention:

  1. The Let’s Encrypt plugin on OPNsense is a bit finicky. I recommend using the staging environment so your domains are not locked out for exceeding request limits during setup/testing. The only problem with this is the plugin DOES NOT like to switch back to production. Mine would not update the certificate in production and wouldn’t give errors. I finally guessed upon a solution that worked: re-register your LE account with LE set to production. I was then able to grab my cert.
  2. HTTPS proxy to an HTTP server (how I originally had the site set up) did not work. The site loaded but offsite items (like fonts and others linked in CSS) did not load. I created a quick self-signed cert, pointed the real server to 443 and everything fired up.

Now I can have as many SSL sites hidden behind the firewall as I want. What’s next?
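
Because the plugin failed silently when switching from staging to production, it helps to inspect the certificate the proxy actually serves. The following is an added example, not part of the original post or the plugin: the function names are hypothetical, and it assumes Let's Encrypt staging issuers carry a "(STAGING)" prefix while production issuers have O = Let's Encrypt.

```shell
#!/bin/sh
# Added example (not from the original post): classify a certificate by issuer
# and report hostname match and remaining lifetime, using only the openssl CLI.

# le_environment CERT.pem -> prints staging | production | other
# Assumption: staging issuers contain "(STAGING)"; production issuers contain
# "Let's Encrypt" without that prefix.
le_environment() {
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || {
        echo unreadable; return 2; }
    case "$issuer" in
        *"(STAGING)"*)     echo staging ;;
        *"Let's Encrypt"*) echo production ;;
        *)                 echo other ;;   # e.g. a self-signed backend cert
    esac
}

# cert_report CERT.pem HOSTNAME [MIN_DAYS] -> prints one summary line.
# Returns 0 only for a production cert that matches HOSTNAME and is still
# valid MIN_DAYS (default 14) from now.
cert_report() {
    cert=$1 host=$2 min_days=${3:-14}
    le_env=$(le_environment "$cert") || { echo "env=unreadable"; return 2; }
    if openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match'; then
        name=match
    else
        name=mismatch
    fi
    if openssl x509 -in "$cert" -noout \
        -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        expiry=ok
    else
        expiry=soon
    fi
    echo "env=$le_env host=$name expiry=$expiry"
    [ "$le_env" = production ] && [ "$name" = match ] && [ "$expiry" = ok ]
}

# fetch_served_cert HOST [PORT] > cert.pem : save the leaf cert the proxy serves.
fetch_served_cert() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}
```

Run `fetch_served_cert` against the public hostname from outside the firewall, then pass the saved file to `cert_report`; `env=staging` after a supposed switch to production means the old certificate is still being served.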
