I've been trying to get my reverse proxy working with my Nextcloud install. Tried to use HAProxy in pfSense but couldn't get it going, so I'm trying to go back to Caddy RP in an FN jail. All was working with this setup before my update to 12.2U3. Can't seem to get it working and I think the issue is with my firewall.
Theoretically, if my Caddyfile worked before, that same file should work with a fresh install of the RP jail.
Setup:
My pfSense has NAT rules for ports 80 and 443 directed to my Caddy RP jail. Those auto-created rules are above my default block rules on my WAN interface.
The caddy.log file shows
Code:
"error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:connection - Timeout during connect (likely firewall problem)","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/19380616/45879732","attempt":2,"max_attempts":3}
So I presume that the jail cannot get out on ports 80 and 443.
Here is my Caddyfile
Code:
{
    acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
    email mydomain@gmail.com
}

mydomain.com {
    root * /usr/local/www/html/
    file_server
    header {
        # enable HSTS
        Strict-Transport-Security max-age=31536000;
    }
}

cloud.mydomain.com {
    encode gzip
    reverse_proxy http://192.168.5.81
    header {
        # enable HSTS
        Strict-Transport-Security max-age=31536000;
    }
}

collabora.mydomain.com {
    encode gzip
    @collabora {
        path /loleaflet/* # Loleaflet is the client part of LibreOffice Online
        path /hosting/discovery # WOPI discovery URL
        path /hosting/capabilities # Show capabilities as json
        path /lool/* # Main websocket, uploads/downloads, presentations
    }
    reverse_proxy @collabora http://192.168.5.89:9980
}
I'm stumped and any help even to narrow down where to look would be greatly appreciated. Maybe the same issue is preventing HAProxy from working.