# haproxy-template

Short template for certbot dns-01 with auto renew (Alpine 3.19 / LXC Proxmox)

## Installation

Add the edge repos to /etc/apk/repositories

```sh
cat <<EOF >> /etc/apk/repositories
@edge https://dl-cdn.alpinelinux.org/alpine/edge/main
@edgecommunity https://dl-cdn.alpinelinux.org/alpine/edge/community
@edgetesting https://dl-cdn.alpinelinux.org/alpine/edge/testing
EOF
```

Update the system & install utils

```sh
apk update && apk upgrade && apk add nano
```

Make the folder structure

```sh
# Note: 777 makes everything under /storage, including cf-tokens,
# readable and writable by every user in the container.
cd && mkdir -p /storage/certs && mkdir -p /storage/cf-tokens && mkdir -p /storage/hooks && chmod 777 -R /storage
```

Install haproxy and cloudflare-dns

```sh
apk add haproxy certbot@edgecommunity certbot-dns-cloudflare@edgecommunity
```

Add custom scripts and the default haproxy config

```sh
mkdir -p /etc/haproxy && rm /etc/haproxy/haproxy.cfg && mkdir -p /etc/haproxy/ssl
wget https://git.hackmi.ch/Phil/haproxy-template/raw/branch/main/haproxy.cfg -O /etc/haproxy/haproxy.cfg
wget https://git.hackmi.ch/Phil/haproxy-template/raw/branch/main/genscripts.sh
chmod 777 -R /etc/haproxy && chmod 7777 -R genscripts.sh
```

Add haproxy to startup and certbot autorenew to weekly

```sh
rc-update add haproxy
cat <<EOF >> /etc/periodic/weekly/certbot-renew
#!/bin/sh
certbot renew
EOF
chmod 777 /etc/periodic/weekly/certbot-renew && chmod +x /etc/periodic/weekly/certbot-renew
```

Add the first SSL cert (DNS challenge) [Cloudflare](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/)

!! IMPORTANT !! -> THIS WILL GENERATE AN SNI WILDCARD (domainwithsslredirect.de, *.domainwithsslredirect.de)

```sh
./genscripts.sh domainwithsslredirect.de YOUR-API-TOKEN
```

Edit your haproxy config

```sh
nano /etc/haproxy/haproxy.cfg
# Replace domainwithsslredirect.de with your domain
# Change the service name domainxyz as desired in frontend https and backend
# Adjust server web1 10.10.10.10:80 to your destination
```

Restart or reload haproxy

```sh
service haproxy restart
# or
service haproxy reload
```

Profit
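
The folder-structure step grants mode 777 on `/storage`, so a permission check on the token directory is worth running after setup. The script below is an added example, not part of this repository; it assumes the Cloudflare token files live under `/storage/cf-tokens` (inferred from the directory name, since `genscripts.sh` is not shown here) and that certbot runs as root.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on secret-bearing directories.
# Assumption: API token files live under /storage/cf-tokens and are only
# ever read by root (certbot run from the weekly periodic job).

# Print every non-symlink entry under $1 that grants any group/other access.
# Only POSIX "-perm -MODE" tests are used, so BusyBox find on Alpine works too.
list_exposed() {
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Number of exposed entries under $1.
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# Restrict $1 to its owner: directories 700, regular files 600.
tighten() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Report exposed entries, tighten them, and fail if anything is still exposed.
audit_and_fix() {
    dir=$1
    [ -d "$dir" ] || { echo "skip: $dir does not exist" >&2; return 0; }
    n=$(count_exposed "$dir")
    if [ "$n" -gt 0 ]; then
        echo "$n exposed entries under $dir:" >&2
        list_exposed "$dir" >&2
        tighten "$dir"
    fi
    [ "$(count_exposed "$dir")" -eq 0 ]
}

# When called with arguments, audit each directory given, e.g.
#   sh audit-perms.sh /storage/cf-tokens
if [ "$#" -gt 0 ]; then
    for d in "$@"; do audit_and_fix "$d" || exit 1; done
fi
```

Run it once after `genscripts.sh` has created the token file, and again after any later `chmod -R` on `/storage`.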