Hi all
I'm still new to FreeBSD. But I torture my Home-Lab as much as I can, to learn as much as possible.
I started learning about Jails. It's a great concept, and now I use Bastille to manage Jails and in general it works superbly.
Here's my new goal I set for myself:
1. Set up a FreeBSD server on my old laptop (192.168.0.40)
2. Configure pf on server according to the docs from Bastille to allow ssh and dynamic rdr for the Bastille Jails
(double-checked and works)
3. Create a Jail with Bastille, 10.0.0.50 (bwarden, as synonym for the Bitwarden aka Vaultwarden)
4. Install Vaultwarden in the "bwarden" Jail, enable & start vaultwarden service.
Checked listening port with sockstat -4, which shows me that Vaultwarden is listening on port 8000
OK, so far so good. Next:
5. On the server, route the incoming traffic at port 8000 to the bwarden jail's port 8000, where vaultwarden is listening
(bastille rdr bwarden tcp 8000 8000) and restart the jail.
Check with "curl 10.0.0.50:8000", yep, returns the vaultwarden homepage HTML code, so it works.
From Firefox, accessing the server (192.168.0.40:8000), I get to the vaultwarden sign-up page.
So, that all is working fine and I'm very happy so far ;-)
New Challenge:
Pre-Information:
- my pfsense with HAProxy & DNS-Server: 192.168.10.1
- my WLAN Router: 192.168.0.1 (GW: 192.168.10.1)
- my FreeBSD-Server with the vaultwarden Jail: 192.168.0.40 (it's the Laptop on WLAN)
- my Clients, accessing the FBSD-Server: 192.168.0.50 / 192.168.10.20
OK, now, I want to secure the connection to HTTPS by the HAProxy on my pfsense.
I explicitly don't want to use Nginx or any other proxy like caddy or rocket from within the vaultwarden jail.
I have already set up multiple services within pfsense and I use DNS and HAProxy successfully in my Home-Lab.
For example, I have SSL-Offloading for my Docker projects and an OpenMediaVault server.
So, in general I know how to create HTTPS connections, and how to use DNS, with pfsense.
Except for the new vaultwarden in the bwarden Bastille Jail, I have the following problem:
Even though I have configured everything in pfsense to redirect port 8000 (pfsense FrontEnd) to SSL-Offload and forward it to the FBSD-Server at Port 8000 in the pfsense-BackEnd, I only get the unencrypted HTTP page from vaultwarden. So, the chain looks like this:
From any client in my Network (Firefox, Chrome, Safari)
>> bwarden.mydomain.com:8000
>> is picked up by
>> pfsense HAProxy FrontEnd (SSL-Offloading) which uses
>> pfsense HAProxy Backend, to forward to
>> FBSD Server at 192.168.0.40:8000, which redirects (bastille rdr...) port 8000 to the
>> Bastille jail:8000 and get picked up by
>> vaultwarden on Port 8000
I'm floored, because every other service I've set up, like Docker, or Non-Docker is working perfectly with the pfsense DNS/HAProxy config.
I hope someone can enlighten me and fill the gap in my understanding.
Many thanks in advance.
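
A protocol check for each hop of the chain described above, as an added example that is not part of the original post: it reports which address the hostname resolves to and whether each listener answers with TLS or plain HTTP. The addresses, port and hostname are taken from the post; `probe` and `survey` are hypothetical helper names, and the jail address is assumed to be reachable only from the FreeBSD host.

```python
import socket
import ssl

# Hops from the post, in the order a request should traverse them (port 8000 everywhere).
HOPS = [
    ("pfSense HAProxy frontend", "192.168.10.1", 8000),
    ("FreeBSD host (bastille rdr)", "192.168.0.40", 8000),
    ("bwarden jail", "10.0.0.50", 8000),  # assumed routable only from the FreeBSD host
]

def probe(host, port, sni=None, timeout=3.0):
    """Classify a listener as 'tls', 'plain-http', 'other' or 'unreachable'."""
    name = sni or host
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # we classify the protocol only,
    ctx.verify_mode = ssl.CERT_NONE  # so the certificate is not validated here
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=name):
            return "tls"
    except OSError:
        pass  # handshake failed, timed out or was reset: not a TLS listener
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            req = f"HEAD / HTTP/1.1\r\nHost: {name}\r\nConnection: close\r\n\r\n"
            s.sendall(req.encode())
            return "plain-http" if s.recv(16).startswith(b"HTTP/") else "other"
    except OSError:
        return "other"

def survey(hops, sni, probe_fn=probe):
    """Probe every hop, sending the same SNI/Host name a browser would use."""
    return {label: probe_fn(host, port, sni=sni) for label, host, port in hops}

if __name__ == "__main__":
    name = "bwarden.mydomain.com"  # hostname from the post
    try:
        print(f"{name} resolves to {socket.gethostbyname(name)}")
    except OSError as exc:
        print(f"{name} does not resolve: {exc}")
    for label, result in survey(HOPS, name).items():
        print(f"{label:30} {result}")
```

Run it once from a client and once on the FreeBSD host, then compare the resolved address with the hop that reports `tls`.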