Enable HTTPS with Let’s Encrypt DNS-01 Challenge in Traefik on Kubernetes
This post builds on my previous guide: Self-Managed Kubernetes Cluster on AWS (with Traefik & MetalLB) If you haven’t set […]
Kubernetes, Let's Encrypt
HAProxy, OPNsense
Set Up HAProxy for TLS Passthrough with SNI Routing on OPNsense
In this guide, we’ll configure HAProxy on OPNsense to support TLS passthrough with SNI-based routing. This allows secure HTTPS traffic
Jenkins, Kubernetes
Run Dynamic Jenkins Agents in a Kubernetes Cluster
Generate the jenkins-kubeconfig.yaml: Sample pipeline using Kubernetes agent: Jenkins will now spin up pods in Kubernetes to execute jobs
AWS EC2, Kubernetes
Use Amazon EBS as Persistent Storage in a Self-Managed Kubernetes Cluster on EC2
Then, attach this instance profile to your EC2 instances Create a PersistentVolumeClaim (PVC) using the new StorageClass: Create a Pod
AWS EC2, Kubernetes
Self-Managed Kubernetes Cluster on AWS (with Traefik & MetalLB)
Architecture Overview: Edit /etc/containerd/config.toml and ensure: Set up kubectl: Configure MetalLB (10.0.128.240 is a secondary IP added to your control-plane
OPNsense, WireGuard
WireGuard VPN on OPNsense 25.1
PART 1 — Set Up WireGuard on OPNsense PART 2 — Generate Client Key Pair & Config (Using OPNsense Peer
AWS EC2, BIND, OPNsense
Configure BIND on OPNsense 25.1 as Internal DNS Server for AWS VPC
Overview Component Value Internal domain maksonlee.com DNS server IP 10.0.128.4 (OPNsense LAN IP) System DNS 127.0.0.1 (loopback) Forwarder AWS DNS
Let's Encrypt, OPNsense
Let’s Encrypt on OPNsense 25.1 Using DNS-01 with Cloudflare
You’ll need this to allow OPNsense to modify DNS records for validation. You may need to re-login to the WebGUI
AWS EC2, OPNsense
Deploy OPNsense 25.1 Nano on AWS
Architecture Overview: Interface Subnet Private IP Public IP WAN (ena0) test-subnet-public1-ap-south-1a 10.0.0.4 Yes LAN (ena1) test-subnet-private1-ap-south-1a 10.0.128.4 No ⚠️ Do