Peter Baldwin wrote:
Nick Howitt wrote:
When flex-443.conf picks up the certificates, is there any reason for using the fullchain.pem file as the chain file and not chain.pem? The fullchain.pem is a combined cert.pem and chain.pem and you are already picking up cert.pem as the SSLCertificateFile.
Right again Nick! I pushed that change through git last week - https://github.com/eglooca/app-lets-encrypt/commit/cd882a9e7b2d4369f3ad69aff969c16f3a944b51#diff-8e7476918fbf8094bf778783de7dbf30
Please notice that the "correct" certificate file is "fullchain.pem" not "cert.pem". Please have a look at the README file generated by certbot:
Also, in the crontab script above, the "fullchain.pem" is copied to /etc/clearos/certificate_manager.d/domain.crt
Thank you so much Fredrik; you saved my day!
Your config file works flawlessly with cups in ClearOS 7.3. You presented this fix a year and a half ago and I'm wondering why it hasn't taken its place in the new versions of ClearOS?!
I tested the Web Access Control app and it didn't fulfill my requirements. Squid in transparent mode cannot control access to secured sites (https). And in non-transparent mode, it brings more problems than it solves!
I hope for the iptables to work with time matching, as it's my last solution to implement time-controlled access. (My Asus router has parental control only in router mode and I'm currently operating it in access mode with ClearOS.)
By the way, I'm aware of the possibility to do parental control with iptables using crontab, but I want to minimize my access to the shell as much as possible. This is why I chose to use the Customer Firewall app to do this task.
After giving up with squid and removing the Proxy app, I switched to iptables and have been trying to utilize the Customer Firewall app. My purpose is to control my kids' access to the Internet.
I started with a simple rule, such as:
, and it worked. So, I impeded the access for a certain period of time: , but this did not work!
I searched the forum to know why it did not work. I found the following post saying the time matching was not supported in iptables for COS 5, but it came later in COS 6.1.
I'm wondering now if this feature was later removed from COS and is no longer supported?
Thanks for the suggestion Nick.
I've been trying to do it the easy way, but without any luck so far! I created a virtual interface with an IP address. Then, I added that IP to the ibVPN app, so it gets routed via the VPN link. After that, I ran the "wget" command and bound it to the virtual IP like this:
In addition to bind, I also tried other tools as mentioned here: https://superuser.com/questions/241178/how-to-use-different-network-interfaces-for-different-processes
I even assigned a namespace to the virtual interface, and tried to execute the "wget" using iproute2 like the following:
None of my trials worked. I'll keep experimenting and see
Strange! I tested it with dnsomatic.com first but it didn't work. It always shows Error status!
As for the VPN IP, yes I'm using the ClearOS app for ibVPN, which is similar to OpenVPN as you described it. I think I need to read more about iptables in order to be able to do it
In case that Access Control List (ACL) rules are defined based on IP or MAC addresses only, then can they be enforced with a transparent proxy server?
Unfortunately, ddclient did not work for me. I even tried some Windows clients, but they all couldn't update 'enom' domains.
As for the ibVPN, I'm trying to fetch the internet IP assigned to me by ibVPN. One way I'm thinking of is to route inquiries to checkip.dyndns.org via the VPN. This could be done using 'ip aliasing' maybe or some other technique.
Log in to the graphical console (in your PC). Go to Network->Settings->IP Settings. Edit your LAN interface, make it Static and manually assign it an address.
Now, you can log in to the ClearOS computer from any other device connected to your network, just by visiting https://the_ip_address_you_entered:81