# haproxy-template

Short template for certbot dns-01 with auto renew (Alpine 3.19 / LXC Proxmox)

## Installation

Add the edge repos to `/etc/apk/repositories`

```sh
cat <<EOF >> /etc/apk/repositories
@edge https://dl-cdn.alpinelinux.org/alpine/edge/main
@edgecommunity https://dl-cdn.alpinelinux.org/alpine/edge/community
@edgetesting https://dl-cdn.alpinelinux.org/alpine/edge/testing
EOF
```

Update the system & install utils

```sh
apk update && apk upgrade && apk add nano
```

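Make the folder structure

```sh
# /storage holds the Cloudflare API tokens, certificates and hook scripts:
# keep it accessible to root only instead of world-writable
cd && mkdir -p /storage/certs && mkdir -p /storage/cf-tokens && mkdir -p /storage/hooks && chmod -R 700 /storage
```
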
Install haproxy and cloudflare-dns

```sh
apk add haproxy certbot@edgecommunity certbot-dns-cloudflare@edgecommunity
```

Add custom scripts and default haproxy config

```sh
# rm -f so the chain does not abort when no packaged config is present
mkdir -p /etc/haproxy && rm -f /etc/haproxy/haproxy.cfg && mkdir -p /etc/haproxy/ssl
wget https://git.hackmi.ch/Phil/haproxy-template/raw/branch/main/haproxy.cfg -O /etc/haproxy/haproxy.cfg
wget https://git.hackmi.ch/Phil/haproxy-template/raw/branch/main/genscripts.sh
# config directory writable by root only; certificate directory and script root-only
chmod 755 /etc/haproxy && chmod 700 /etc/haproxy/ssl && chmod 700 genscripts.sh
```

Add haproxy to startup and certbot autorenew to weekly

```sh
rc-update add haproxy

# write (not append) so the shebang stays on the first line when this step is re-run
cat <<'EOF' > /etc/periodic/weekly/certbot-renew
#!/bin/sh

certbot renew
EOF

# executed by root's cron: executable, but writable by root only
chmod 755 /etc/periodic/weekly/certbot-renew
```

Add first SSL cert (DNS-Challenge) [Cloudflare](https://developers.cloudflare.com/fundamentals/api/get-started/create-token/)

!! IMPORTANT !! -> THIS WILL GENERATE AN SNI WILDCARD (`domainwithsslredirect.de`, `*.domainwithsslredirect.de`)

```sh
./genscripts.sh domainwithsslredirect.de YOUR-API-TOKEN
```

Edit your haproxy config

```sh
nano /etc/haproxy/haproxy.cfg

# Replace domainwithsslredirect.de with your domain
# Rename service domainxyz as desired in frontend https and backend
# Adjust server web1 10.10.10.10:80 to your destination
```

Restart or reload haproxy

```sh
service haproxy restart
# or
service haproxy reload
```

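A post-install permission check for the paths created in the steps above, as an added example that is not part of the template repository. The function name and its optional root-prefix argument are hypothetical, and it assumes that scripts under `/storage/hooks` are executed by certbot and that `/etc/haproxy/ssl` holds PEM bundles containing private keys.

```shell
#!/bin/sh
# Added example, not part of the template repository.
# audit_template_perms [ROOT]: ROOT is a hypothetical prefix (default: empty,
# i.e. the live system) so a copy or a mounted container rootfs can be checked.
# Returns 0 when clean, 1 when at least one finding was printed.

audit_template_perms() {
    root="${1:-}"
    findings=0

    # 1) Root's cron runs certbot-renew, certbot is assumed to run the scripts
    #    in /storage/hooks, and HAProxy loads /etc/haproxy: none of it may be
    #    writable by "other".
    for p in "$root/storage" "$root/etc/haproxy" \
             "$root/etc/periodic/weekly/certbot-renew"; do
        [ -e "$p" ] || continue
        hits=$(find "$p" ! -type l -perm -0002)
        if [ -n "$hits" ]; then
            printf 'world-writable:\n%s\n' "$hits"
            findings=$((findings + 1))
        fi
    done

    # 2) Cloudflare API tokens and HAProxy PEM bundles (assumed to include the
    #    private key) must carry no group or other read bit.
    for p in "$root/storage/cf-tokens" "$root/etc/haproxy/ssl"; do
        [ -d "$p" ] || continue
        hits=$(find "$p" -type f \( -perm -0040 -o -perm -0004 \))
        if [ -n "$hits" ]; then
            printf 'secret readable by group/other:\n%s\n' "$hits"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Usage on the container:
#   audit_template_perms || echo "tighten the modes listed above"
```
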
Profit