LXC Container (public IPv6 only) with Debian12 and Zabbix > Cloudflare certificates

cpulove
Jul 12, 2024
I need some help regarding SSL for my LXC container with Zabbix (directly on Debian, no Docker) and DNS proxy on Cloudflare and SSL security.

For context:

I run a Debian 12 LXC container with an IPv6-only setup and Apache as a web server.
My network settings:

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet6 static
        address xxxx:xxxx:x:xxx::5/64
        gateway xxxx:xxxx:x:xxx::1

auto eth1
iface eth1 inet static
        address 192.168.0.45/24
        gateway 192.168.0.1


DNS record is: monitor.mydomain.xy >>with IPv6>> xxxx:xxxx:x:xxx::5
This works so far, but as expected without SSL.

With Cloudflare's DNS proxy at monitor.mydomain.xy > xxxx:xxxx:x:xxx::5, this container gets a public Cloudflare IPv4 and IPv6.

Docker is also running, with Portainer and Nginx Proxy Manager.

The NPM Docker container is set up as follows and works:

Code:
services:
  app:
    image: 'jc21/nginx-proxy-manager:latest'
    restart: unless-stopped
    ports:
      - '180:80' # Public HTTP Port
      - '1443:443' # Public HTTPS Port
      - '181:81' # Admin Web Port
    environment:
      DB_MYSQL_HOST: "db"
      DB_MYSQL_PORT: 3306
      DB_MYSQL_USER: "admin"
      DB_MYSQL_PASSWORD: "xyz"
      DB_MYSQL_NAME: "npm"
    volumes:
      - data:/data
      - letsencrypt:/etc/letsencrypt
    depends_on:
      - db

  db:
    image: 'jc21/mariadb-aria:latest'
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: 'npm'
      MYSQL_DATABASE: 'npm'
      MYSQL_USER: 'admin'
      MYSQL_PASSWORD: 'xyz'
    volumes:
      - mysql:/var/lib/mysql

volumes:
  data:
  letsencrypt:
  mysql:


Unfortunately, I am not able to set up a reverse proxy with the SSL Cloudflare DNS challenge in Nginx Proxy Manager. NPM is not able to sign a certificate.
I guess the problem may be that Zabbix runs natively on Debian 12 and not as a Docker container in the Docker network?
As Cloudflare's DNS proxy is on for the domain and IPv6, I need to install a Cloudflare origin certificate on the LXC.

So my question:
What is best practice here for installing an SSL certificate in an LXC container with the Cloudflare proxy on?
I use a Cloudflare origin certificate for the main domain on my Plesk server, so the private key and cert key are created and available.

I did not find a proper guide that fits my scenario, so help would be warmly welcome. :-)

Thx in advance!
 
I was now able to install the certificate manually and directly via the apache2 > sites-available config.


Code:
<VirtualHost *:80>

    ServerAdmin webmaster@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =example.com [OR]
    RewriteCond %{SERVER_NAME} =www.example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

</VirtualHost>

<VirtualHost *:443>

    ServerAdmin webmaster@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    # SSL Certificate from Cloudflare
    SSLCertificateFile /etc/cloudflare/example.com.pem
    # Private Key from Cloudflare
    SSLCertificateKeyFile /etc/cloudflare/example.com.key

</VirtualHost>

But I really would like to know how to do it properly in a Proxmox LXC or VM, where Nginx Proxy Manager runs as docker and the certificate is installed from there.
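
Added example (not part of the original post): a pre-flight check for the manual Apache setup above. It confirms that the key file is not accessible to group or others, that the private key belongs to the certificate, and that the certificate is not about to expire. The function name, return codes and 30-day default are assumptions made for this example; the paths in the usage comment are the ones from the vhost config.

```shell
#!/bin/sh
# Added example: verify the files named by SSLCertificateFile and
# SSLCertificateKeyFile before reloading Apache.
# check_origin_cert and its return codes are hypothetical names for this sketch.

# Returns: 0 ok, 2 file missing, 3 key readable by group/other,
#          4 key does not belong to certificate, 5 certificate expires soon.
check_origin_cert() {
    cert=$1; key=$2; min_days=${3:-30}

    [ -r "$cert" ] && [ -r "$key" ] || { echo "missing file" >&2; return 2; }

    # Private key must carry no group/other permission bits (e.g. mode 600).
    perms=$(ls -Lld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "key mode too open: chmod 600 $key" >&2; return 3; }

    # Public key embedded in the certificate vs. the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout) || return 4
    [ "$cert_pub" = "$key_pub" ] || { echo "certificate and key do not match" >&2; return 4; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "certificate expires within $min_days days" >&2; return 5; }

    echo "ok: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}

# Usage with the paths from the vhost above:
#   check_origin_cert /etc/cloudflare/example.com.pem /etc/cloudflare/example.com.key \
#       && apache2ctl configtest && systemctl reload apache2
if [ "$#" -ge 2 ]; then check_origin_cert "$@"; fi
```

A non-zero return stops the `&&` chain in the usage comment, so Apache is only reloaded when all three checks pass.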