How To Create pfsense Let's Encrypt Wildcard Certificates using HAProxy

In this video, your PurpleNAS has an IP of 192.168.1.8 but when you configure the DNS Resolver, you set the IP to 192.168.1.1.
What happens when you want to add another entry in host overrides? Do you use the same IP (i.e. 192.168.1.1)? How does pfsense not confuse this with the IP of the sg1100 router, which also sits at 192.168.1.1?

Thanks

HAProxy determines, based on SNI from your browser, what site to send you to. But as I stated in the video, the first step is to move the pfsense web interface to a different port.

Hi, so I followed your video and got FreeNAS to work perfectly.
Now when I go to freenas.habibtain.com from any device on the network, it works.

Then I added an entry for Nextcloud: cloud.habibtain.com
This only works from one computer and none of the others. What could be the problem?
Below are the settings I have:
FreeNAS IP - 192.168.10.210
Nextcloud IP - 192.168.10.211

HaProxy Backend

Nextcloud Backend

Front End

DNS Resolver

I’ve been scratching my head and googling for days now.
Apparently Nextcloud is a bit tricky to make work behind a proxy, but I just cannot understand why it would work on only one system and none of the others.

If it is working on one computer, but not the others, I would first check the DNS of the computer that it is not working on.

Hi all-
I’m following this video to set up HAProxy for a few internal-only services, as mentioned in the beginning of the video.

I’m setting up the Wildcard ACME Certificate and have learned that I need API access for my domain (hosted by Namecheap). Namecheap requires someone to have 20+ domains before providing API access, so I figured I should just move the DNS aspect to another provider such as Digital Ocean or Cloudflare.

I’m a bit confused about what the best practice is: is it best practice to transfer the entire domain or only the DNS hosting aspect to another provider?

The domain in question is used ONLY for my local network and nothing is publicly hosted on it. I am using a separate domain for my email.
Thanks

We keep the domain with our registrar of choice and just move the DNS to a service that offers the API.
