@gertjan said in Add SSL DH Parameters:
You can use this script to 'cook' something for yourself.
There is a commented line that shows where I 'cat' the RSA4096 DH file to the cert.pem file.
You can find the latest cert version in a known place.
Btw: some more investigation will be needed, as: where does the HA proxy startup code get the cert info from when preparing for a HA Proxy start?
In the past, the trick of modifying the main 'cert.pem' was used by many processes, but these days, as in my apache2 example, it has become a separate setting in a config file.
I hope "Domoticz" will also adopt that method.
See the wiki page again : Domoticz has its own deploy script : you can also use that one as an example.
Thanks for the example man, very interesting!
Sadly my Linux skills are like "trial and error" ;-)
Especially (secured) SSL is quite difficult to understand.
Domoticz has a built-in HTTP (9090) and HTTPS (443) server and also the possibility to pass the login inside the local network with an option in the settings: 192.168.1.*.
This allows all computers inside the local network, starting with this ip address, to pass the login of domoticz.
The problem with this login pass option is that also the outside world doesn't have to login because of the HTTP connection in the backend of HAproxy. Therefore I currently did not set this option to protect the webapplication.
On the other hand the advantage of the current configuration allows me to turn off the HTTPS 443 ssl connection in the startup file of domoticz (I just figured out). This way I don't get certificate and https errors in domoticz anymore because everything is handled by the HAproxy server and ACME.
I have to think about it, thanks anyway for the info!
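The login-bypass problem described in the post above, as an added example that is not part of the thread and is not Domoticz or HAProxy code: a model of a peer-address allowlist behind a reverse proxy, next to a check that evaluates the forwarded client address only when the request comes from the known proxy. The function names, `PROXY_IP` and the sample addresses are constructed assumptions, and the thread does not say whether Domoticz can evaluate `X-Forwarded-For`.

```python
import fnmatch
import ipaddress

BYPASS_PATTERN = "192.168.1.*"   # the local-network setting quoted in the post
PROXY_IP = "192.168.1.1"         # assumed LAN address of the HAProxy host (constructed)

def naive_bypass(peer_ip):
    """Skip login when the TCP peer matches the pattern (model of the setting)."""
    return fnmatch.fnmatch(peer_ip, BYPASS_PATTERN)

def proxy_aware_bypass(peer_ip, forwarded_for=None):
    """Skip login only when the real client is on the LAN.

    X-Forwarded-For is honoured only when the peer is the known proxy;
    from any other peer the header is client-controlled and is ignored.
    """
    client = peer_ip
    if peer_ip == PROXY_IP:
        if not forwarded_for:
            return False         # proxied request, origin unknown: require login
        # The proxy appends the address it saw, so the last entry is the
        # only one the client could not have written itself.
        client = forwarded_for.split(",")[-1].strip()
        try:
            ipaddress.ip_address(client)
        except ValueError:
            return False         # malformed header: require login
    return fnmatch.fnmatch(client, BYPASS_PATTERN)

# Constructed sample requests: (description, TCP peer seen by the backend, X-Forwarded-For)
SAMPLES = [
    ("LAN client, direct",           "192.168.1.50", None),
    ("Internet client via proxy",    PROXY_IP,       "203.0.113.7"),
    ("LAN client via proxy",         PROXY_IP,       "192.168.1.50"),
    ("Internet client, spoofed XFF", PROXY_IP,       "192.168.1.50, 203.0.113.7"),
]

def compare():
    """Return (description, naive result, proxy-aware result) per sample."""
    return [(d, naive_bypass(p), proxy_aware_bypass(p, x)) for d, p, x in SAMPLES]

if __name__ == "__main__":
    for desc, naive, aware in compare():
        print(f"{desc:30} naive={naive!s:5} proxy_aware={aware}")
```

With the naive check every proxied request bypasses the login because the backend only ever sees the proxy's own LAN address, which is the behaviour the post describes.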