Hi, and thanks for helping. I have looked around but can't find a clear answer to what I need to achieve.
I currently have example.com, which has a few subdomains attached.
I purchased my domain through Cloudflare and currently use the example.com and *.example.com SSL certificates it provides.
The current flow of traffic:
browser > Cloudflare (CF) > router > nginx proxy manager (NPM) > service
This is all working fine; NPM splits traffic to the web service and other services (like Portainer, currently [portainer.example.com]) as needed.
I would like to install Teleport so that I can securely access web UIs and admin consoles publicly. The Teleport login dashboard would be located on cloud.example.com, and each individual web UI will have an extension of this [portainer.cloud.example.com].
Traffic would follow the same path as before, and NPM will send all requests for [cloud.example.com] and [*.cloud.example.com] to the Teleport service.
The problem I have is that the SSL certificate provided by Cloudflare only covers [example.com] and [*.example.com], whereas I need it to cover [*.cloud.example.com].
I have used the Let's Encrypt feature built into NPM to generate a wildcard certificate for [*.cloud.example.com].
Everything appears to be working; however, whenever you visit a subdomain of cloud.example.com there is an SSL error.
So obviously I would like to know how to either:
A. Install another certificate on Cloudflare
B. Tell it to bypass all traffic for cloud.example.com
I cannot upgrade from the free version of Cloudflare and have considered letting NPM manage all SSL and disabling the Cloudflare SSL (keeping the proxy enabled).
Is it possible to do this, and what basic steps would I have to go through?
Sorry for the long post; I hope the diagrams help (I can only post one at a time). Awaiting any responses.
Thanks.
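An added check for the certificate-coverage point raised in the post above. This is example code written for this page, not anything from the poster or from Cloudflare, Nginx Proxy Manager or Teleport. It applies the browser's wildcard rule (a "*" only stands for one DNS label) to the two SAN lists the post describes, which are constructed here rather than fetched from a real server: a Cloudflare-style edge certificate for example.com and *.example.com, and the NPM Let's Encrypt wildcard for *.cloud.example.com. The `fetch_sans` helper is an optional live probe of whatever certificate a host actually serves; it needs network access and is not used by the offline check.

```python
"""Which hostnames does a certificate's SAN list actually cover? (added example)"""
import socket
import ssl


def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one subjectAltName DNS entry covers hostname.

    Browser rule (RFC 6125): a wildcard may only be the entire leftmost label
    and it matches exactly one label. So "*.example.com" covers
    "cloud.example.com" but NOT "portainer.cloud.example.com" or "example.com".
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Same number of labels, non-empty leftmost label, and everything right of
    # the wildcard must be identical.
    if len(p_labels) != len(h_labels) or not h_labels[0]:
        return False
    return p_labels[1:] == h_labels[1:]


def uncovered_hosts(sans, hostnames):
    """Return the hostnames that no entry in `sans` covers (order preserved)."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


def fetch_sans(hostname: str, port: int = 443, timeout: float = 5.0):
    """Connect with SNI for `hostname` and return the DNS SANs of the served cert.

    Needs network access. Hostname verification is switched off so the probe
    can inspect a certificate that does not match; the chain is still verified.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


# Constructed SAN lists mirroring the post; not taken from any real certificate.
CLOUDFLARE_EDGE_SANS = ["example.com", "*.example.com"]   # what the post says CF issues
NPM_WILDCARD_SANS = ["*.cloud.example.com"]              # the Let's Encrypt cert from NPM

# Hostnames the post wants to serve (assumed list).
WANTED_HOSTS = [
    "example.com",
    "portainer.example.com",
    "cloud.example.com",
    "portainer.cloud.example.com",
]


if __name__ == "__main__":
    for label, sans in (("Cloudflare edge cert", CLOUDFLARE_EDGE_SANS),
                        ("NPM wildcard cert", NPM_WILDCARD_SANS),
                        ("both together", CLOUDFLARE_EDGE_SANS + NPM_WILDCARD_SANS)):
        missing = uncovered_hosts(sans, WANTED_HOSTS)
        print(f"{label}: not covered -> {missing or 'nothing'}")
```

Running the offline check shows the shape of the problem in the post: the Cloudflare-style edge certificate covers cloud.example.com (one label under example.com) but leaves portainer.cloud.example.com uncovered, while the NPM wildcard covers only that second level. With the Cloudflare proxy enabled, the browser's TLS session terminates at Cloudflare and sees Cloudflare's edge certificate, so a certificate installed in NPM is only presented on the Cloudflare-to-origin hop; `fetch_sans("portainer.cloud.example.com")` against the live host is the quickest way to confirm which certificate the browser is actually being shown.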