Netgate Discussion Forum

    HTTPS to PfSense and HTTP after? possible?

      menethoran @viragomann

      @viragomann rndtech.org is the domain, cloud is its sub (I own rndtech.org)...

      and, this is a test I ran like 10 minutes ago

      well, at least I can stop having to substitute mydomain.com :)

        viragomann @menethoran

        @menethoran
        I'm wondering why it shows different IP addresses for the same server.
        So you can open a test to view its result or hit "clear cache" to run a new one.

          menethoran @viragomann

          @viragomann probably Cloudflare...

          You're welcome to take a peek at the results (it's a lot of stuff that's a bit above my paygrade...)

          https://www.ssllabs.com/ssltest/analyze.html?d=cloud.rndtech.org

            viragomann @menethoran

            @menethoran
            Yes, I already viewed. Everything looks fine, apart from supporting TLS 1.0 and 1.1.
            But obviously Chrome doesn't like the Cloudflare cert, though it works here in Firefox.

            Okay, now I get redirected to https://192.168.2.2:9443 as well.

            Calling your host, I get to Cloudflare and the server sends 302 (Object moved) > location: https://192.168.2.2:9443/login, which naturally fails.

            So seems to me, there is something wrong in the Cloudflare configuration. But I'm not familiar with that.

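The failure described in the post above (a public hostname answering with a 302 whose Location is `https://192.168.2.2:9443/login`) can be caught with a check like the following. This is an added example, not part of the original thread; `audit_redirect` and the sample responses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_redirect(requested_url, status, headers):
    """Return findings for one HTTP response as seen from the internet."""
    if status not in REDIRECT_CODES:
        return []
    # Header names are case-insensitive, so match on the lowered name.
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if location is None:
        return ["redirect without a Location header"]
    target = urlsplit(location)
    if not target.netloc:
        return []  # relative redirect: the client stays on the public name
    findings = []
    host = target.hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not an IP literal
    if ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local):
        findings.append(f"Location exposes internal address {ip}")
    elif host.lower() != (urlsplit(requested_url).hostname or "").lower():
        findings.append(f"Location leaves the requested host for {host}")
    if target.port not in (None, 80, 443):
        findings.append(f"Location uses non-standard port {target.port}")
    return findings

# Constructed sample: the response described in the post above.
LEAKY = ("https://cloud.rndtech.org/", 302,
         {"location": "https://192.168.2.2:9443/login"})
# Constructed sample: a relative redirect that keeps the public name.
HEALTHY = ("https://cloud.rndtech.org/", 302, {"Location": "/login"})

if __name__ == "__main__":
    for url, status, headers in (LEAKY, HEALTHY):
        print(url, status, audit_redirect(url, status, headers) or "ok")
```

A backend that builds absolute redirects from its own listen address produces the first result; the fix belongs in the backend's or proxy's knowledge of its external URL, not in the client.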
              menethoran @viragomann

              now I don't even know what's going on... everything (*.mydomain.com) redirects to my local ombi instance (I was trying to get my http traffic up and running...)

                johnpoz LAYER 8 Global Moderator @menethoran

                @menethoran so do you want to use cloudflare as your proxy, or do you want to use haproxy?

                I use haproxy to do ssl offloading, I install an acme cert on haproxy. cloudflare is only being used for dns that points the fqdn of my domain to my pfsense wan IP. haproxy answers this, does the ssl stuff and then sends it to my overseerr running on docker on my nas. I used to do this with ombi as well, but after testing both, overseerr is better than ombi in many ways.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                  menethoran @johnpoz

                  @johnpoz I only want cloudflare to handle my DNS.
                  And I'll definitely look into overseerr, I've found ombi to be a little cumbersome at times, kind of needy, and likes to just stop working for no reason :)

                  I have been using (or trying to get it to work) HAProxy, and I've also been having to mess with traefik (because of the way the pods are set up as kubernetes in truenas). But that has caused infinitely more headaches with less progress (read: exactly 0 progress). Probably because it's sort of like an apple app, it looks pretty and it's super powerful, but since you don't have access to any of the backend stuff on it, it's pretty much useless unless you just want to click buttons (or if you want to click buttons and follow walkthroughs, but doesn't come close to covering the more technical or difficult setups like what I, and probably most of us, have.)

                  Maybe that's a big problem I've been having then, I've been leaving cloudflare proxy my subdomains. (I'm fairly new at this if you remember any of my other posts, and you've helped with this same issue from different angles.)

                  Thanks for pointing out, or shining light on the cloudflare proxy thing, I'll have to turn it off and see if I can get HAProxy to work. I'll report back later (gotta go pick up a kid and start tonight's drinking)

                    johnpoz LAYER 8 Global Moderator @menethoran

                    @menethoran here is my cloudflare - you can see I'm only using the dns setting

                    proxyonly.jpg

                    Happy to share my haproxy settings with you. But we need to make sure the cloudflare proxy is out of the picture.

                      menethoran @johnpoz

                      @johnpoz Cloudflare is out of the picture now :)
                      Screenshot 2022-02-11 171740.jpg

                        menethoran @menethoran

                        @menethoran and other settings....
                        Screenshot 2022-02-11 172330.jpg Screenshot 2022-02-11 172349.jpg Screenshot 2022-02-11 172436.jpg Screenshot 2022-02-11 172451.jpg

                          menethoran @menethoran

                          @menethoran OMG!!!!

                          I just got it to work!!!

                          THANK YOU SO MUCH @johnpoz

                          You didn't give me the exact answer, but you gave me the ideas that I could smash together enough...

                          I flat out had too many proxies or too many things in the way (right now, I've got it working with traefik but I think I can implement the same kind of things and thoughts to make it work with HAProxy...)

                          I've got a BUNCH of work to do to get everything up and running, but, if there's an area on here I can get a sticky for a walkthrough, I'll definitely put together a write up (I'll be posting it over at TrueNAS and if they'll let me, truecharts)

                          Holy crap that was a learning process :) and damn it feels good now

                            gdarends @menethoran

                            @menethoran What was the solution to this issue in the end? I'm having similar issues.
