Yes, it would be possible to create a wildcard certificate using certbot. However, you need to be able to manage your DynDNS record and add a TXT record under the name _acme-challenge. There are a couple of guides on the web on how this could be achieved.
I followed the instructions but the commands couldn’t find the haproxy binary. I tried restarting the service again but it gave me the file not found error:
● haproxy.service - HAProxy Load Balancer
Loaded: loaded (/etc/systemd/system/haproxy.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2020-06-09 12:58:26 BST; 5s ago
Process: 1009 ExecStartPre=/usr/local/sbin/haproxy -f $CONFIG -c -q $EXTRAOPTS (code=exited, status=203/EXEC)
Jun 09 12:58:25 Ouroboros systemd[1009]: haproxy.service: Failed at step EXEC spawning /usr/local/sbin/haproxy: No such file or directory
Jun 09 12:58:25 Ouroboros systemd[1]: haproxy.service: Control process exited, code=exited, status=203/EXEC
Jun 09 12:58:25 Ouroboros systemd[1]: haproxy.service: Failed with result 'exit-code'.
Jun 09 12:58:25 Ouroboros systemd[1]: Failed to start HAProxy Load Balancer.
Jun 09 12:58:26 Ouroboros systemd[1]: haproxy.service: Service RestartSec=100ms expired, scheduling restart.
Jun 09 12:58:26 Ouroboros systemd[1]: haproxy.service: Scheduled restart job, restart counter is at 5.
Jun 09 12:58:26 Ouroboros systemd[1]: Stopped HAProxy Load Balancer.
Jun 09 12:58:26 Ouroboros systemd[1]: haproxy.service: Start request repeated too quickly.
Jun 09 12:58:26 Ouroboros systemd[1]: haproxy.service: Failed with result 'exit-code'.
Jun 09 12:58:26 Ouroboros systemd[1]: Failed to start HAProxy Load Balancer.
OK, I had a look at the installation process and it seems there are some issues with the current one. At least for me, it’s giving the following error:
make: *** [Makefile:857: haproxy] Error 1
strip: 'haproxy': No such file
Please run 'make' before 'make install'.
make: *** [Makefile:899: install-bin] Error 1
The software is compiled during installation, and this did not finish. Therefore haproxy is not created and is missing. Anyway, I found that there is a newer version of haproxy available than the one installed by DietPi. To get this version you would need to update one of the DietPi scripts. As this is a huge script, I recommend using the search function inside the code.
nano /boot/dietpi/dietpi-software
Go to line 4276 and adjust version='2.1.7'. Once done, save the file and reinstall haproxy:
dietpi-software reinstall 98
On my system, the installation now finished without error.
I can use the haproxy command! We’re getting somewhere. Now it’s just a config problem on my end, as per the validation command. Will let you know if I get it working!
Alright, so it looks like it’s working! HAProxy is passing example.com connections to port 8080, where lighttpd is.
I only have two problems now:
I might use SSL pass-through instead of SSL termination for my servers. This would mean I’d only need to run certbot once for each subdomain used and not have to manually renew it. However, it also means that I need to set up lighttpd to use SSL on port 8080, somehow.
I’m having a problem getting my gitea instance seen by haproxy. It’s set to pass through git.example.com connections to port 3000, but I don’t know if I’ve done it right as it’s just passing it through to lighttpd.
Any tips for any of this? I’d really appreciate it. Also, thanks a lot for sticking with me through all of this. I really hope this isn’t getting annoying!
It’s still not routing git.example.com to 127.0.0.1:3000… It seems like it’s not reading the domain properly. Is there any help you can give there, or should I go to a different forum for specifically HAProxy stuff?
It has suddenly struck me that Gitea is still using the normal domain (example.com:3000), rather than its subdomain (git.example.com), as well as using HTTPS on port 3000. Might it be redirecting to the top domain, which then sends it to lighttpd through HAProxy?
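The host-based routing discussed in the posts above, as an added example that is not part of the original thread or anyone's actual configuration: a minimal HAProxy setup for SSL termination that sends git.example.com to port 3000 and everything else to lighttpd on port 8080, with the SSL pass-through variant in comments. The certificate path, the frontend and backend names, and the assumption that both backends speak plain HTTP on loopback in the termination case are illustrative.

```haproxy
# Added example: names, paths and timeouts are assumptions, not taken from the thread.
global
    log /dev/log local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# SSL termination: HAProxy decrypts, so it can route on the HTTP Host header.
frontend fe_https
    bind :443 ssl crt /etc/haproxy/certs/example.com.pem   # assumed path; cert must cover both names
    acl host_git hdr(host) -i git.example.com
    use_backend be_gitea if host_git
    default_backend be_lighttpd      # anything that does not match falls through to lighttpd

backend be_gitea
    # Assumes Gitea serves plain HTTP here; if it serves HTTPS on 3000,
    # this plain-HTTP server line will not work as written.
    server gitea 127.0.0.1:3000

backend be_lighttpd
    server lighttpd 127.0.0.1:8080

# SSL pass-through alternative (use instead of fe_https, and set "mode tcp"
# in both backends). HAProxy never decrypts, so there is no Host header to
# match; it routes on the SNI name in the TLS ClientHello, and each backend
# must terminate TLS itself with its own certificate.
#
# frontend fe_tls
#     mode tcp
#     bind :443
#     tcp-request inspect-delay 5s
#     tcp-request content accept if { req.ssl_hello_type 1 }
#     use_backend be_gitea if { req.ssl_sni -i git.example.com }
#     default_backend be_lighttpd
```

With either variant, a request that ends up at lighttpd is one that matched no rule and took default_backend, so the access log line for that request shows which name HAProxy actually saw.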