Change HaProxy for nginx


#1

If I want to remove HaProxy (from default Octopi installation) and use nginx instead:

Can i just remove HaProxy, install Nginx and use the config from here (https://discourse.octoprint.org/t/reverse-proxy-configuration-examples/1107) ?

I want to use nginx for Lets Encrypt and (as I understand) you can change the port for the LE challenge...


#2

You can also use LE with haproxy by adding update pre and post-hooks that shut down and restart haproxy during the LE session. I do this on my router running OpenWRT but there's no reason it shouldn't work on the RPi.

My pre-hook looks like:

#!/bin/sh
echo "Stopping haproxy"
/etc/init.d/haproxy stop
return 0

and my post-hook looks like:

#!/bin/sh
echo "Restarting haproxy"
cat ${ACMEROOT}/${DOMAIN}/fullchain.cer ${ACMEROOT}/${DOMAIN}/${DOMAIN}.key >${CERTDIR}/combined.pem
cp ${ACMEROOT}/${DOMAIN}/${DOMAIN}.cer ${CERTDIR}/cert.pem
cp ${ACMEROOT}/${DOMAIN}/fullchain.cer ${CERTDIR}/fullchain.pem
cp ${ACMEROOT}/${DOMAIN}/${DOMAIN}.key ${CERTDIR}/privkey.pem
cp ${ACMEROOT}/${DOMAIN}/ca.cer ${CERTDIR}/ca.pem
/etc/init.d/haproxy start
/etc/init.d/uhttpd restart
return 0

(the post-hook also massages the certificates to be in the format haproxy wants them to be in).
In my LE .conf file for my domain I have the following:

Le_PreHook='/root/cert_update_pre_hook.sh'
Le_PostHook='/root/cert_update_post_hook.sh'

to make everything work, and I use the --standalone option to acme.sh to make it start up a standalone server for the authentication.