[Help Wanted] Unable to create ACME cert behind opnsense and proxmox #83

Open
Dvalin21 opened this issue Nov 24, 2023 · 4 comments
Labels
help wanted Extra attention is needed

Comments


Dvalin21 commented Nov 24, 2023

**Describe the bug**
I've tried installing this on proxmox, behind opnsense. For some reason, even after verifying both ports 80 and 443 were open, it wouldn't allow me to create letsencrypt certificates. Also under "certs wiki" where you can verify that your ports are open, it would fail each time. I've other ports opened the same way with no issues. Is it possibly because I have it installed on Proxmox?

**To Reproduce**
Steps to reproduce the behavior:

  1. Go to '...' TLS Certificates
  2. Click on '....' Click on Open ACME Tool
  3. Scroll down to '....' Click on create ACME (keeps saying probably firewall)
  4. Click on "Wiki" at the bottom
  5. Click on check on open ports (I may have the terminology wrong)
  6. It would say unable to connect, Verify if you're behind a NAT that it's connected correctly.

In opnsense, here is how I had the port forwarding set up, under NAT > Port Forwarding:

Interface: WAN
TCP/IP Version: IPV4
Protocol: TCP
Source: Any
Source Port Range: Any
Destination: WAN Address
Destination Port Range: Alias Zoraxy ( for ports 80, 443)
Redirect Target IP: IP address for Zoraxy
Redirect Target Port: Alias Zoraxy ( for ports 80, 443)

Then clicked save. Restarted Zoraxy and router... got the same result.

**Expected behavior**
I expected it to be able to see the port forwards and assign certs

**Browser (if it is a bug appears on the UI section of the system):**
 - OS: [e.g. iOS]  Proxmox/Lxc/Debian 12
 - Browser [e.g. chrome, safari] Chrome
 - Version [e.g. 22] 2.6.7

**Host Environment (please complete the following information):**
 - Arch: [e.g. arm64] amd64
 - Device: [e.g. Bananapi R2 PRO] Custom PC
 - OS: [e.g. Armbian] Proxmox
 - Version [e.g.  23.02 Bullseye ] Debian (Proxmox based on Debian)

I used the following script to install it to Proxmox:

`bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/zoraxy.sh)"`

This came from https://tteck.github.io/Proxmox/


**Additional Information**

For the time being I had to switch back to Nginx, which, once I restored it from backup, immediately started running. All certs were renewed with no issues. I would rather switch over, however, with all that Zoraxy offers. Thanks
@Dvalin21 Dvalin21 added the bug Something isn't working label Nov 24, 2023
@tobychui
Owner

I am not sure about opnsense and running inside Proxmox, but there are users who run their Zoraxy inside Proxmox, and the ACME tool is usable when Zoraxy is directly exposed to the internet. This seems more like a "Help Wanted" issue to me than a bug caused by Zoraxy.

With such complex infrastructure in place, you should keep using Nginx, which provides more flexible configuration than Zoraxy. Again, Zoraxy is designed for noobs with simple network infrastructure and it is not designed to handle complex infra like yours. Not to mention running on Chinese hardware like the Bananapi which, in my experience, might contain weird issues within the kernel they supplied. In your use case, Nginx seems a better fit for you.

I will update the label and keep this here in case anyone out there figures out a solution to your problem.

@tobychui tobychui added help wanted Extra attention is needed and removed bug Something isn't working labels Nov 24, 2023
@tobychui tobychui changed the title [BUG] [Help Wanted] Unable to create ACME cert behind opnsense and proxmox Nov 24, 2023
@Dvalin21
Author

Dvalin21 commented Nov 24, 2023 via email

@tobychui
Owner

Hi @Dvalin21,

As Zoraxy is not Apache or Nginx, which have their own static web server (at least not before 2.6.7), the proxy root is designed for you to forward default traffic to an external web server (like Apache or Nginx). Now with the 2.6.8 release, you can just tick the "Use static web server as root" option and let Zoraxy's built-in static web server handle the unknown traffic.
[image]

That aside, it is common that you might not be used to how Zoraxy names things if you are a long-term Nginx (or NPM) user. For those options, here is how I set them:

Status Page
[image]

Proxy Root Page
[image]

Where I have another Apache web server running on localhost:8080 (this can be any LAN address, public IP address or domain) and my Zoraxy allows https access (i.e. port 443) from the internet (WAN).

@Dvalin21
Author

@tobychui Thank you so much for taking the time to explain this. I will be referring other users to this app and will share this to help them understand the setup.
