No description
| genscripts.sh | ||
| haproxy.cfg | ||
| README.md | ||
haproxy-template
short template for certbot dns-01 with auto renew (Alpine 3.19 / LXC Proxmox)
Installation
Add Edge Repos to /etc/apk/repositories
cat <<EOF >> /etc/apk/repositories
@edge https://dl-cdn.alpinelinux.org/alpine/edge/main
@edgecommunity https://dl-cdn.alpinelinux.org/alpine/edge/community
@edgetesting https://dl-cdn.alpinelinux.org/alpine/edge/testing
EOF
Update system & install utils
apk update && apk upgrade && apk add nano
Make Folder structure
cd && mkdir -p /storage/certs && mkdir -p /storage/cf-tokens && mkdir -p /storage/hooks && chmod 777 -R /storage
Install haproxy and cloudflare-dns
apk add haproxy certbot@edgecommunity certbot-dns-cloudflare@edgecommunity
Add custom scripts and default haproxy config
mkdir -p /etc/haproxy && rm /etc/haproxy/haproxy.cfg && mkdir -p /etc/haproxy/ssl
wget https://git.hackmi.ch/Phil/haproxy-template/raw/branch/main/haproxy.cfg -O /etc/haproxy/haproxy.cfg
wget https://git.hackmi.ch/Phil/haproxy-template/raw/branch/main/genscripts.sh
chmod 777 -R /etc/haproxy && chmod 7777 -R genscripts.sh
Add haproxy to startup and certbot autorenew to weekly
rc-update add haproxy
cat <<EOF >> /etc/periodic/weekly/certbot-renew
#!/bin/sh
certbot renew
EOF
chmod 777 /etc/periodic/weekly/certbot-renew && chmod +x /etc/periodic/weekly/certbot-renew
Add first SSL cert (DNS-Challange) [Cloudflare] [https://developers.cloudflare.com/fundamentals/api/get-started/create-token/]
!! IMPORTANT !! -> THIS WILL GENERATE AN SNI WILDCARD (domainwithsslredirect.de, *.domainwithsslredirect.de)
./genscripts.sh domainwithsslredirect.de YOUR-API-TOKEN
Edit your haproxy config
nano /etc/haproxy/haproxy.cfg
# Change domainwithsslredirect.de with your url
# Change service domainxyz to your desire in frontend https and backend
# Adjust server web1 10.10.10.10:80 to your destination
Restart or reload haproxy
service haproxy restart
or
service haproxy reload
Profit