As well as further clarification from Raid Owl’s vid of pretty much the same process.
I’ve gotten to the point of inputting the Cloudflare API information and obtaining a valid cert, and building out an HAProxy backend and frontend. All that said, when I close up the port forwarding I lose sync functionality.
What am I missing as far as being able to successfully ‘break’ that link to the outside world, making it so my vaultwarden only works for LAN connected devices and/or with tailscale?
Do I need to use pfSense DNS resolver for a host override?
Doesn’t Learn Linux TV have a video on this as well? I can’t find it anywhere.
I’ll try a wildcard, but why doesn’t the specific DNS name (example.mydomain.net) work in this case? It all works until I sever the port forward (even after inputting a host override in pfSense). Note I’m not using the standard port 443 for Vaultwarden, so there shouldn’t be an issue with not changing pfSense’s webUI, correct?
I’m not sure why you put 192.168.1.1 in DNS Resolver / General Settings / Edit Host Override for your FreeNAS, but when I put my client’s IP address there I now at least have routing success, but no SSL:
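A way to test the host-override setup being discussed above from a LAN client, as an added example that is not part of any post in this thread. It assumes the pfSense DNS Resolver (unbound) is answering on the pfSense LAN address 192.168.1.1, that the host override for example.mydomain.net points at that same address because the HAProxy frontend listens there, and that the frontend port is 8443; the hostname and the 192.168.1.1 address come from the posts, the port, the file name and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Run from a LAN client:  sh check_split_dns.sh --run
# Assumptions: pfSense DNS Resolver (unbound) answers on 192.168.1.1 and carries a host
# override example.mydomain.net -> 192.168.1.1, where the HAProxy frontend listens on 8443.

VW_HOST="example.mydomain.net"   # hostname from the thread; must match a SAN on the cert
PF_LAN_IP="192.168.1.1"          # pfSense LAN address from the thread
VW_PORT="8443"                   # assumed HAProxy frontend port (the thread only says it is not 443)

# Returns 0 when an IPv4 address is in RFC 1918 private space.
# If the public A record (the one Cloudflare serves) answered instead of the override, this fails.
is_rfc1918() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Returns 0 only when one of the resolver's answer lines is exactly the expected address.
answer_matches() {
  # $1 = dig +short output (one address per line), $2 = expected address
  printf '%s\n' "$1" | grep -qxF "$2"
}

# Ask pfSense directly with @192.168.1.1, bypassing whatever resolver the client is
# otherwise using (a Tailscale DNS setting, a browser's DoH), so a resolver problem
# is separated from a proxy problem.
check_split_dns() {
  ans=$(dig +short A "$VW_HOST" @"$PF_LAN_IP") || return 1
  first=$(printf '%s\n' "$ans" | head -n1)
  echo "dig @$PF_LAN_IP $VW_HOST -> ${first:-<no answer>}"
  answer_matches "$ans" "$PF_LAN_IP" && is_rfc1918 "$first"
}

# Connect to the LAN frontend with SNI set, so HAProxy presents the cert obtained through
# the Cloudflare DNS API rather than a default/self-signed one, and require a clean chain.
check_tls() {
  out=$(openssl s_client -connect "$PF_LAN_IP:$VW_PORT" -servername "$VW_HOST" </dev/null 2>/dev/null)
  printf '%s\n' "$out" | grep -E '^(subject=|issuer=|Verify return code)'
  printf '%s\n' "$out" | grep -q '^Verify return code: 0 '
}

if [ "${1:-}" = "--run" ]; then
  check_split_dns || { echo "host override is not answering with the LAN address"; exit 1; }
  check_tls || { echo "TLS verification failed against the LAN frontend"; exit 1; }
  echo "split DNS and TLS look correct; LAN clients do not need the port forward"
fi
```

If the dig step returns the public address, the client is not using pfSense for that name and the override is never consulted; if dig is right but the TLS step reports a non-zero verify code, the override is pointing at something that is not the HAProxy frontend holding the valid cert.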
I tap out. Between Docker being on Synology, its reverse proxy, pfSense, turning off ha_proxy, Cloudflare etc. etc., I’ve strung together a string of band-aids and spray-and-prays, and now I can access the web vault when I accept the self-signed cert, and the Android app syncs, but strangely the browser add-ons’ sync fails. I might just stop here; it’s been (no lie) 1.5 days of trying to figure this out. I’m ashamed to admit I work in IT, but this has me whipped.