Closed Monviech closed 8 months ago
There has to be an option to set a certificate on handles, since Caddy doesn't allow "ignore certificate checks" anymore. If the backend server has a self-signed certificate, that certificate has to be imported into the OPNsense Trust store, and then be able to be selected in the handle.
Otherwise this isn't possible: Internet <--HTTPS--> Caddy <--HTTPS--> Backend Server
Example:
```
foo.example.com {
    handle {
        reverse_proxy 192.168.1.1 {
            transport http {
                tls
                tls_trusted_ca_certs /usr/local/etc/caddy/certificates/temp/32423423.pem
            }
        }
    }
}
```
This one isn't as straightforward as expected.
OPNsense doesn't store its certificates as files, they're embedded in the config.xml with a refid. This refid can be cross referenced by using the Models "CertificateField".
General idea of what has to happen:
Every time a reconfigureAct is started, this kind of cycle will be triggered so the certificates are always the same as in the OPNsense Trust store.
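One way the sync cycle described above could work, as an added example that is not the plugin's own code. It assumes certificate authorities sit in config.xml as top-level `<ca>` elements with a `<refid>` and a base64-encoded PEM in `<crt>`; `sync_ca_certs`, the sample config and the output directory are hypothetical.

```python
import base64
import os
import re
import xml.etree.ElementTree as ET

# Assumption: refids are short alphanumeric tokens. Anything else is rejected,
# so a refid can never turn into a path outside out_dir.
REFID_RE = re.compile(r"^[A-Za-z0-9]{1,32}$")
PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed placeholder, not a real certificate.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_CONFIG = (
    "<opnsense>"
    "<ca><refid>65a1b2c3d4e5f</refid><descr>backend</descr><crt>%s</crt></ca>"
    "<ca><refid>../../etc/x</refid><crt>%s</crt></ca>"
    "</opnsense>"
) % ((base64.b64encode(SAMPLE_PEM).decode(),) * 2)


def sync_ca_certs(config_xml, out_dir):
    """Write each <ca> to out_dir/<refid>.pem, delete stale files, return {refid: path}."""
    os.makedirs(out_dir, mode=0o750, exist_ok=True)
    written = {}
    for ca in ET.fromstring(config_xml).findall("ca"):
        refid = (ca.findtext("refid") or "").strip()
        if not REFID_RE.match(refid):
            continue
        b64 = "".join((ca.findtext("crt") or "").split())
        try:
            pem = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        if not pem.lstrip().startswith(PEM_HEADER):
            continue
        path = os.path.join(out_dir, refid + ".pem")
        fd = os.open(path + ".tmp", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o640)
        with os.fdopen(fd, "wb") as fh:
            fh.write(pem)
        os.replace(path + ".tmp", path)  # atomic: Caddy never reads a partial file
        written[refid] = path
    # A certificate removed from the trust store must stop being trusted.
    for name in os.listdir(out_dir):
        if name.endswith(".pem") and name[:-4] not in written:
            os.remove(os.path.join(out_dir, name))
    return written
```

The returned path for a selected refid is what would go into `tls_trusted_ca_certs` in the generated Caddyfile.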