haproxy-template/README.md
2024-02-19 20:59:44 +01:00

74 lines
2 KiB
Markdown

# haproxy-template
short template for certbot dns-01 with auto renew (Alpine 3.19 / LXC Proxmox)
## Installation
Add Edge Repos to /etc/apk/repositories
```sh
cat <<EOF >> /etc/apk/repositories
@edge https://dl-cdn.alpinelinux.org/alpine/edge/main
@edgecommunity https://dl-cdn.alpinelinux.org/alpine/edge/community
@edgetesting https://dl-cdn.alpinelinux.org/alpine/edge/testing
EOF
```
Update system & install utils
```sh
apk update && apk upgrade && apk add nano
```
Make Folder structure
```sh
cd && mkdir -p /storage/certs && mkdir -p /storage/cf-tokens && mkdir -p /storage/hooks && chmod 777 -R /storage
```
Install haproxy and cloudflare-dns
```sh
apk add haproxy certbot@edgecommunity certbot-dns-cloudflare@edgecommunity
```
Add custom scripts and default haproxy config
```sh
mkdir -p /etc/haproxy && rm /etc/haproxy/haproxy.cfg && mkdir -p /etc/haproxy/ssl
wget https://git.hackmi.ch/Phil/haproxy-template/raw/branch/main/haproxy.cfg -O /etc/haproxy/haproxy.cfg
wget https://git.hackmi.ch/Phil/haproxy-template/raw/branch/main/genscripts.sh
chmod 777 -R /etc/haproxy && chmod 7777 -R genscripts.sh
```
Add haproxy to startup and certbot autorenew to weekly
```sh
rc-update add haproxy
cat <<EOF >> /etc/periodic/weekly/certbot-renew
#!/bin/sh
certbot renew
EOF
chmod 777 /etc/periodic/weekly/certbot-renew && chmod +x /etc/periodic/weekly/certbot-renew
```
Add first SSL cert (DNS-Challange) [Cloudflare] [https://developers.cloudflare.com/fundamentals/api/get-started/create-token/]
!! IMPORTANT !! -> THIS WILL GENERATE AN SNI WILDCARD (domainwithsslredirect.de, *.domainwithsslredirect.de)
```sh
./genscripts.sh domainwithsslredirect.de YOUR-API-TOKEN
```
Edit your haproxy config
```sh
nano /etc/haproxy/haproxy.cfg
# Change domainwithsslredirect.de with your url
# Change service domainxyz to your desire in frontend https and backend
# Adjust server web1 10.10.10.10:80 to your destination
```
Restart or reload haproxy
```sh
service haproxy restart
or
service haproxy reload
```
Profit