• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: July 3rd, 2023

help-circle
  • TheDevil@lemmy.worldtoSelfhosted@lemmy.worldRouters
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Hasn’t been an issue for me. HA would only be depending on Opnsense for a DHCP lease so assuming you have reasonable lease times it’ll just pick up where it left off.

    Without checking I would imagine you could just set a delay for the HA container to make sure opnsense can start first, if it does become an issue.


  • TheDevil@lemmy.worldtoSelfhosted@lemmy.worldRouters
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I use an N5105 generic mini pc running proxmox and opnsense. You can get them fairly cheaply from Aliexpress. They’re particularly low power and come with 4-6 gigabit network ports. I have two containers, the second of which hosts my Home Assistant instance. As an added bonus they often don’t have a fan.

    For wifi I use Ubiquity wifi 6 Lite APs with the controller running under home assistant.


  • You can ignore the windows machine unless it’s using nfs, it’s not relevant.

    Your screenshot suggests my guess was incorrect because you do not have any authorised Networks or Hosts defined.

    Even so if it was me I would correctly configure authorised hosts or authorised networks just to rule it out, as it neatly explains why it works on one container but not another. Does the clone have the same IP by any chance?

    The only other thing I can think for you to try is to set maproot user/group to root/wheel and see if that helps but it’s just a shot in the dark.



  • If your only goal is working https then as the other comment correctly suggests you can do DNS-01 authentication with Let’s Encrypt + Certbot + Some brand of dyndns

    However the other comment is incorrect in stating that you need to expose a HTTP server. This method means you don’t need to expose anything. For instance if you do it with HA:

    https://github.com/home-assistant/addons/blob/master/letsencrypt/DOCS.md

    Certbot uses the API of your DDNS provider to authenticate the cert request by adding a txt record and then pulls the cert. No proxies no exposed servers and no fuss. Point the A record at your Rfc1918 IP.

    You can then configure your DNS to keep serving cached responses. I think though that ssl will still be broken while your connection is down but you will be able to access your services.

    Edit to add: I don’t understand why so many of the HTTPS tutorials are so complicated and so focused on adding a proxy into the mix even when remote access isn’t the target.

    Cert bot is a shell script. It asks the Lets Encrypt api for a secret key. It adds the key as a txt record on a subdomain of the domain you want a certificate for. Let’s encrypt confirms the key is there and spits out a cert. You add the cert to whatever server it belongs to, or ideally Certbot does that for you. That’s it, working https. And all you have to expose is the rfc1918 address. This, to me at least, is preferable to proxies and exposed servers.