Closed Monviech closed 9 months ago
This pull request will break prior functionality because it removes the "ToDomain" and "ToPort" from the model and the dialogReverseProxy.
Using handles is now mandatory. It makes the setup a little bit less straightforward, but in the end it will provide way more possibilities.
The new Caddyfile will look like this once generated:
```
# DO NOT EDIT THIS FILE -- OPNsense auto-generated file

{
    storage file_system {
        root /usr/local/etc/caddy
    }
    log {
        output file /var/log/caddy/caddy.log {
            roll_size 10MiB
            roll_keep 10
            roll_keep_for 720h
        }
    }
    email info@example.com
    auto_https off
    import /usr/local/etc/caddy/caddy.d/*.global
}

# Reverse Proxy Domain: "41e45842-e3d7-4e3a-9aea-adf654cf6050"
*.example.com:443 {
    tls {
        dns cloudflare 1484053787dJQB8vP1q0yc5ZEBnH6JGS4d3mBmvIeMrnnxFi3WtJdF
    }
    handle /owa/* {
        reverse_proxy 192.168.1.1:8443
    }
    handle {
        reverse_proxy 192.168.1.1:443
    }
    @4c087454-ee7e-462d-a603-e58eee82a2b7 host foo.example.com
    handle @4c087454-ee7e-462d-a603-e58eee82a2b7 {
        handle /owa/* {
            reverse_proxy 192.168.1.1:8443
        }
        handle {
            reverse_proxy 192.168.1.1:443
        }
    }
    @409b7309-df6a-4ce0-aafd-bf7c21e64a7d host foo.example.com:8443
    handle @409b7309-df6a-4ce0-aafd-bf7c21e64a7d {
        handle /owa/* {
            reverse_proxy 192.168.1.1:8443
        }
        handle {
            reverse_proxy 192.168.1.1:8443
        }
    }
    @bee7f665-9ae1-499c-9a83-7c15862cc24f host foo.example.com:80
    handle @bee7f665-9ae1-499c-9a83-7c15862cc24f {
    }
    @cdcfea20-7019-4a8d-9ade-7bc9fff3518d host bar.example.com
    handle @cdcfea20-7019-4a8d-9ade-7bc9fff3518d {
        handle /autodiscover/* {
            reverse_proxy 192.168.4.5:8443
        }
    }
}

# Reverse Proxy Domain: "b875d6c0-e906-4fec-8b09-86430d390427"
foo.test.com:443 {
    tls /usr/local/etc/caddy/certificates/temp/6579bbf06e7da.pem /usr/local/etc/caddy/certificates/temp/6579bbf06e7da.key
    handle /autodiscover/* {
        reverse_proxy 192.168.4.5:8443
    }
    handle {
        reverse_proxy 192.168.4.5:8443
    }
}

# Reverse Proxy Domain: "19b938ec-f74f-40bb-a244-5f129cf55f31"
foo.test.com:8443 {
    tls /usr/local/etc/caddy/certificates/temp/6579bbf06e7da.pem /usr/local/etc/caddy/certificates/temp/6579bbf06e7da.key
    handle /autodiscover/* {
        reverse_proxy 192.168.4.5:8443
    }
}

# Reverse Proxy Domain: "533ee214-315b-4424-9908-7d76c88fba00"
*.example.com:8443 {
    tls {
        dns cloudflare 1484053787dJQB8vP1q0yc5ZEBnH6JGS4d3mBmvIeMrnnxFi3WtJdF
    }
}

import /usr/local/etc/caddy/caddy.d/*.conf
```
It is based upon this sample data:
```
<opnsense>
  <Pischem>
    <caddy version="1.0.7">
      <general>
        <enabled>1</enabled>
        <TlsEmail>info@example.com</TlsEmail>
        <TlsAutoHttps>off</TlsAutoHttps>
        <TlsDnsProvider>cloudflare</TlsDnsProvider>
        <TlsDnsApiKey>1484053787dJQB8vP1q0yc5ZEBnH6JGS4d3mBmvIeMrnnxFi3WtJdF</TlsDnsApiKey>
      </general>
      <reverseproxy>
        <reverse uuid="41e45842-e3d7-4e3a-9aea-adf654cf6050">
          <enabled>1</enabled>
          <FromDomain>*.example.com</FromDomain>
          <FromPort>443</FromPort>
          <Description>*.example.com.443</Description>
          <DnsChallenge>1</DnsChallenge>
          <CustomCertificate/>
        </reverse>
        <reverse uuid="b875d6c0-e906-4fec-8b09-86430d390427">
          <enabled>1</enabled>
          <FromDomain>foo.test.com</FromDomain>
          <FromPort>443</FromPort>
          <Description>foo.test.com.443</Description>
          <DnsChallenge>0</DnsChallenge>
          <CustomCertificate>6579bbf06e7da</CustomCertificate>
        </reverse>
        <reverse uuid="19b938ec-f74f-40bb-a244-5f129cf55f31">
          <enabled>1</enabled>
          <FromDomain>foo.test.com</FromDomain>
          <FromPort>8443</FromPort>
          <Description>foo.test.com.8443</Description>
          <DnsChallenge>0</DnsChallenge>
          <CustomCertificate>6579bbf06e7da</CustomCertificate>
        </reverse>
        <reverse uuid="533ee214-315b-4424-9908-7d76c88fba00">
          <enabled>1</enabled>
          <FromDomain>*.example.com</FromDomain>
          <FromPort>8443</FromPort>
          <Description>*.example.com.8443</Description>
          <DnsChallenge>1</DnsChallenge>
          <CustomCertificate/>
        </reverse>
        <subdomain uuid="4c087454-ee7e-462d-a603-e58eee82a2b7">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <FromDomain>foo.example.com</FromDomain>
          <FromPort/>
          <Description>foo.example.com</Description>
        </subdomain>
        <subdomain uuid="409b7309-df6a-4ce0-aafd-bf7c21e64a7d">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <FromDomain>foo.example.com</FromDomain>
          <FromPort>8443</FromPort>
          <Description>foo.example.com.8443</Description>
        </subdomain>
        <subdomain uuid="bee7f665-9ae1-499c-9a83-7c15862cc24f">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <FromDomain>foo.example.com</FromDomain>
          <FromPort>80</FromPort>
          <Description>foo.example.com.443</Description>
        </subdomain>
        <subdomain uuid="cdcfea20-7019-4a8d-9ade-7bc9fff3518d">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <FromDomain>bar.example.com</FromDomain>
          <FromPort/>
          <Description>bar.example.com</Description>
        </subdomain>
        <handle uuid="3df8557a-c02a-4728-ba4e-085d762737ee">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <subdomain>4c087454-ee7e-462d-a603-e58eee82a2b7</subdomain>
          <HandleType>handle</HandleType>
          <HandlePath/>
          <ToDomain>192.168.1.1</ToDomain>
          <ToPort>443</ToPort>
          <Description/>
        </handle>
        <handle uuid="d0aae8dc-84c8-4900-82b4-accb17046bff">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <subdomain>409b7309-df6a-4ce0-aafd-bf7c21e64a7d</subdomain>
          <HandleType>handle</HandleType>
          <HandlePath/>
          <ToDomain>192.168.1.1</ToDomain>
          <ToPort>8443</ToPort>
          <Description/>
        </handle>
        <handle uuid="ee198f0c-fc8b-4f12-9ebf-15d0a68bd520">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <subdomain>409b7309-df6a-4ce0-aafd-bf7c21e64a7d</subdomain>
          <HandleType>handle</HandleType>
          <HandlePath>/owa/*</HandlePath>
          <ToDomain>192.168.1.1</ToDomain>
          <ToPort>8443</ToPort>
          <Description/>
        </handle>
        <handle uuid="eba94dd2-75bd-4aa5-8182-759818fb453b">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <subdomain>4c087454-ee7e-462d-a603-e58eee82a2b7</subdomain>
          <HandleType>handle</HandleType>
          <HandlePath>/owa/*</HandlePath>
          <ToDomain>192.168.1.1</ToDomain>
          <ToPort>8443</ToPort>
          <Description/>
        </handle>
        <handle uuid="83e1dbfb-7384-4eba-93c9-6deffe4e5da3">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <subdomain/>
          <HandleType>handle</HandleType>
          <HandlePath/>
          <ToDomain>192.168.1.1</ToDomain>
          <ToPort>443</ToPort>
          <Description/>
        </handle>
        <handle uuid="f97f8189-5877-432d-b848-dfa0cecdd44c">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <subdomain/>
          <HandleType>handle</HandleType>
          <HandlePath>/owa/*</HandlePath>
          <ToDomain>192.168.1.1</ToDomain>
          <ToPort>8443</ToPort>
          <Description/>
        </handle>
        <handle uuid="d7db20f9-4f23-4840-8e86-2f8f67c2dcf9">
          <enabled>1</enabled>
          <reverse>b875d6c0-e906-4fec-8b09-86430d390427</reverse>
          <subdomain/>
          <HandleType>handle</HandleType>
          <HandlePath/>
          <ToDomain>192.168.4.5</ToDomain>
          <ToPort>8443</ToPort>
          <Description/>
        </handle>
        <handle uuid="46f33fa9-6c8a-4aeb-8c96-2e57fc675e29">
          <enabled>1</enabled>
          <reverse>b875d6c0-e906-4fec-8b09-86430d390427</reverse>
          <subdomain/>
          <HandleType>handle</HandleType>
          <HandlePath>/autodiscover/*</HandlePath>
          <ToDomain>192.168.4.5</ToDomain>
          <ToPort>8443</ToPort>
          <Description/>
        </handle>
        <handle uuid="0ebb026d-3a09-48c6-8ba6-afa251f330ca">
          <enabled>1</enabled>
          <reverse>19b938ec-f74f-40bb-a244-5f129cf55f31</reverse>
          <subdomain/>
          <HandleType>handle</HandleType>
          <HandlePath>/autodiscover/*</HandlePath>
          <ToDomain>192.168.4.5</ToDomain>
          <ToPort>8443</ToPort>
          <Description/>
        </handle>
        <handle uuid="7c38bbbf-5a49-425f-9874-1937b224ce75">
          <enabled>1</enabled>
          <reverse>41e45842-e3d7-4e3a-9aea-adf654cf6050</reverse>
          <subdomain>cdcfea20-7019-4a8d-9ade-7bc9fff3518d</subdomain>
          <HandleType>handle</HandleType>
          <HandlePath>/autodiscover/*</HandlePath>
          <ToDomain>192.168.4.5</ToDomain>
          <ToPort>8443</ToPort>
          <Description/>
        </handle>
      </reverseproxy>
    </caddy>
  </Pischem>
</opnsense>
```
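Added example (not code from this pull request): a Python sketch of the mapping shown above, from `reverse`, `subdomain` and `handle` model entries to nested Caddyfile `handle` blocks. It also reports enabled subdomains that end up with an empty `handle` block, as the `foo.example.com:80` entry does in the generated file. The sample XML is constructed with short placeholder UUIDs, `tls` rendering is omitted, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed model using the page's element names and placeholder UUIDs.
SAMPLE = """<reverseproxy>
<reverse uuid="r1"><enabled>1</enabled><FromDomain>*.example.com</FromDomain><FromPort>443</FromPort></reverse>
<subdomain uuid="s1"><enabled>1</enabled><reverse>r1</reverse><FromDomain>foo.example.com</FromDomain><FromPort/></subdomain>
<subdomain uuid="s2"><enabled>1</enabled><reverse>r1</reverse><FromDomain>foo.example.com</FromDomain><FromPort>80</FromPort></subdomain>
<handle uuid="h1"><enabled>1</enabled><reverse>r1</reverse><subdomain>s1</subdomain><HandleType>handle</HandleType><HandlePath/><ToDomain>192.168.1.1</ToDomain><ToPort>443</ToPort></handle>
<handle uuid="h2"><enabled>1</enabled><reverse>r1</reverse><subdomain>s1</subdomain><HandleType>handle</HandleType><HandlePath>/owa/*</HandlePath><ToDomain>192.168.1.1</ToDomain><ToPort>8443</ToPort></handle>
<handle uuid="h3"><enabled>1</enabled><reverse>r1</reverse><subdomain/><HandleType>handle</HandleType><HandlePath/><ToDomain>192.168.1.1</ToDomain><ToPort>443</ToPort></handle>
</reverseproxy>"""

def text(node, tag):
    return (node.findtext(tag) or "").strip()

def enabled(nodes):
    return [n for n in nodes if text(n, "enabled") == "1"]

def render_handles(handles, indent):
    # Path-specific handles first, the catch-all handle last, as in the generated file.
    out = []
    for h in sorted(handles, key=lambda h: text(h, "HandlePath") == ""):
        head = f"{text(h, 'HandleType')} {text(h, 'HandlePath')}".strip()
        upstream = f"{text(h, 'ToDomain')}:{text(h, 'ToPort')}"
        out += [f"{indent}{head} {{", f"{indent}\treverse_proxy {upstream}", f"{indent}}}"]
    return out

def render(xml):
    """Return (Caddyfile text, UUIDs of enabled subdomains that have no handle)."""
    root = ET.fromstring(xml)
    handles = enabled(root.findall("handle"))
    lines, empty = [], []
    for r in enabled(root.findall("reverse")):
        rid = r.get("uuid")
        lines.append(f"{text(r, 'FromDomain')}:{text(r, 'FromPort')} {{")
        top = [h for h in handles if text(h, "reverse") == rid and not text(h, "subdomain")]
        lines += render_handles(top, "\t")
        for s in enabled(root.findall("subdomain")):
            if text(s, "reverse") != rid:
                continue
            sid, port = s.get("uuid"), text(s, "FromPort")
            host = text(s, "FromDomain") + (f":{port}" if port else "")
            mine = [h for h in handles if text(h, "subdomain") == sid]
            if not mine:
                empty.append(sid)  # matcher exists but nothing is proxied
            lines += [f"\t@{sid} host {host}", f"\thandle @{sid} {{"]
            lines += render_handles(mine, "\t\t") + ["\t}"]
        lines.append("}")
    return "\n".join(lines), empty
```

Calling `render(SAMPLE)` returns the rendered site block and `["s2"]`, the subdomain whose matcher has no upstream behind it.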