I've got a small container which checks every 5 minutes if my home IP has changed and calls Cloudflare's API to update the wildcard A record for my domain.
I found an interesting article on Reddit about a home lab user using the home/free tier of Cloudflare for their network.
On top of the usual DDOS stuff, they handle SSL and proxying to HTTP/HTTPS for your facing services, provide DNS for your domain, allow access to their CDN, and you get to hide your home IP in the process.
There's a lot of analytics, I'm just starting to play with that now.
The original poster is using pfsense to talk to Cloudflare's API, it sounds like you could do some interesting things with it.
Definitely worth checking into, I'd started setting up a reverse proxy on my network, mostly to handle LetsEncrypt renewals, but this would render that moot as well as add some other features.
... The neuroanatomy of fear and faith share common afferent pathways.
lynx769 wrote to poindexter FORTRAN <=-
With the wildcard, I just spin up a new service and have a valid certificate issued automatically and be in business. The only downside is that Cloudflare can't proxy wildcard records so I lose the proxy benefit though.
Nelgin wrote to lynx769 <=-
I have nsupdate running on my router which runs openwrt. It will automatically update my DNS without having to check every so often.
It's nice and quick.
lynx769 wrote to poindexter FORTRAN <=-
more nodes. My blog goes into more details about my set up if you are interested. I started it as a way to document what doing as I was
learning about "cloud native" technologies and gitops.
What's your blog's address? I'd love to read it.
lynx769 wrote to poindexter FORTRAN <=-
What's your blog's address? I'd love to read it.
https://blog.lachlanlife.net
I'm new to the cert game. I assumed that LetsEncrypt couldn't do wildcards. If they did, I could replace all of the standalone LE instances with the reverse proxy server I want to build. But, then I wouldn't need the proxy server, as it's going to be there to allow my internal hosts to renew their LE certificates. :)
What are you using as a reverse proxy? I am planning on using nginx, only because I've recently used it at work to proxy some servers behind a single IP.