hi all, need some assistance:
I'm sitting with the following problem, and wonder if you can assist, but thinking it could also be a great video for someone, taking some of what's out there a little bit further.
I watched another video ([SSL Encryption on Your Home Server the SIMPLE WAY - Cloudflare, pfSense, HAProxy, ACME https setup - YouTube]) that put some bits together, and know I followed it pretty spot on… but then I know my setup is slightly different, so not surprised I'm having an issue.
(so yes have a Cloudflare account etc as per the video, my domain happens to also be a Google based one, and I did do the NS change into Cloudflare).
I currently use a Home Assistant integration to update my IP in Cloudflare, and that's working, but I would prefer to change that to the Dynamic DNS service in pfSense (configured), but I think it's failing as it's not on the edge.
Overview of my setup:
I've got Home Assistant (172.16.10.21) configured (listening on 8123) on an RPi, what else. This is hard-wired into my Unifi 24 Port PoE switch (172.16.10.2).
The Unifi is patched into a whitebox pfSense (WAN: 20.0.0.2, LAN: 172.16.10.1).
The WAN port of my pfSense goes into a LAN port of my edge router. The edge router (Draytek 2760) has a dynamic IP on WAN, and on the LAN side it's 20.0.0.1 (I currently have to use the Draytek as my ADSL service is still provided down an RG11 line; I'm switching to fibre, at which time I will patch into the ISP's ONT, which will then mean I can retire the Draytek and thus make the pfSense the edge device).
I've configured a NAT on the Draytek taking WAN:443 and forwarding on to 20.0.0.2:443.
And then I followed the above video to set up https://ha. (PS: I've configured Cloudflare to be strict… aka browser to cloud is encrypted and Cloudflare to me is encrypted.) I'd love to also be able to tell my Draytek to only accept this HTTPS stream from Cloudflare, as I've configured the service with the reverse proxy setting.
I'm getting the following error from pfSense when visiting my site:
"Potential DNS Rebind attack detected, see http://en.wikipedia.org/wiki/DNS_rebinding
Try accessing the router by IP address instead of by hostname."
When I tried the IP it gave me my pfSense, so I've since changed the pfSense port to something non-standard.
I'm guessing the pfSense is sensing that it's not on the edge and seeing the NAT executed by the Draytek.
Suggestions?
G
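As an added illustration, not part of the original post: a Python model of the Host-header check behind the pfSense webConfigurator's "Potential DNS Rebind attack detected" message. It uses the WAN/LAN addresses given above; the hostnames `pfsense.home.arpa` and `ha.example.net` are placeholders for the firewall's real hostname and the public name.

```python
# Added example (not from the post or pfSense itself): a model of the
# hostname check behind "Potential DNS Rebind attack detected". The
# webConfigurator compares the HTTP Host header against the firewall's own
# hostname.domain, its interface addresses and any configured "Alternate
# Hostnames"; a Host naming anything else is refused with the warning.
import ipaddress

PFSENSE_HOSTNAME = "pfsense.home.arpa"           # assumed hostname.domain
PFSENSE_ADDRESSES = {"20.0.0.2", "172.16.10.1"}  # WAN and LAN from the post


def host_header_value(host_header: str) -> str:
    """Strip an optional :port from a Host header; handle [v6addr]:port."""
    host = host_header.strip().lower()
    if host.startswith("["):
        return host[1:host.index("]")]
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host


def rebind_check_passes(host_header, hostname=PFSENSE_HOSTNAME,
                        addresses=PFSENSE_ADDRESSES, alternates=()):
    """True if the webConfigurator would serve the request, False if it
    would show the DNS rebind warning instead."""
    host = host_header_value(host_header)
    if host == hostname.lower() or host in {a.lower() for a in alternates}:
        return True
    try:                                   # bare IP literal in the Host header
        return str(ipaddress.ip_address(host)) in addresses
    except ValueError:
        return False


def explain(host_header, **kw):
    ok = rebind_check_passes(host_header, **kw)
    return f"Host {host_header!r}: " + (
        "served by webConfigurator" if ok else "refused with DNS rebind warning")


if __name__ == "__main__":
    # What the poster saw: the public name reached the GUI, not HAProxy.
    print(explain("ha.example.net"))
    # Why retrying by IP "works": it still reaches the GUI, just without the warning.
    print(explain("20.0.0.2:443"))
    # An alternate hostname only silences the warning; the thing to verify is
    # that HAProxy, not the GUI, is what answers on WAN port 443.
    print(explain("ha.example.net", alternates=["ha.example.net"]))
```

Seeing this warning on the public name means the forwarded port 443 terminated at the webConfigurator rather than the HAProxy frontend, which is why the fix is to check what is bound to WAN:443 rather than to disable the rebind check.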