From 753f72b862e1cbeca98d437e415c01881bfd8b51 Mon Sep 17 00:00:00 2001 From: Gitea Actions Date: Mon, 20 Oct 2025 09:31:36 +0000 Subject: [PATCH] Auto-update blog content from Obsidian: 2025-10-20 09:31:36 --- ...migration-opnsense-proxmox-highly-available.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/content/post/13-migration-opnsense-proxmox-highly-available.md b/content/post/13-migration-opnsense-proxmox-highly-available.md index d9af8f0..a9863b8 100644 --- a/content/post/13-migration-opnsense-proxmox-highly-available.md +++ b/content/post/13-migration-opnsense-proxmox-highly-available.md @@ -328,8 +328,21 @@ There are two types of redirections, the `Reverse Proxy` and the `Layer4 Proxy`. #### HTTPS Proxy -In `Services` > `Caddy` > `Reverse Proxy`, I define the services directly managed by Caddy +In `Services` > `Caddy` > `Reverse Proxy`, I define the services directly managed by Caddy. +These services should not be exposed to everyone. In the `Access` tab, I create a list, called `Internal`, of allowed networks, including my LAN and VPN networks. + +Then in the `Domains` tab, I add my domains. For example, this is here I define `cerbere.vezpi.com`, my URL to reach my OPNsense WebGUI: +- **Enable**: Yes +- **Protocol**: `https://` +- **Domain**: `cerbere.vezpi.com` +- **Port**: leave empty +- **Certificate**: Auto HTTPS +- **Description**: OPNsense +- **Access List**: `Internal` +- **HTTP Access Log**: Enabled + +Finally in the `Handlers` tab, I define to which upstream these domains are forwarded to. ### mDNS Repeater
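Review bot: The added `Access` paragraph and the final `Handlers` sentence leave the access control for `cerbere.vezpi.com` under-documented: the `Internal` list is described only as "including my LAN and VPN networks", and the `Handlers` step ends without the field-by-field listing that the `Domains` step gets. Since this domain fronts the OPNsense WebGUI, consider listing the networks that go into `Internal`, showing the handler entry for this domain in the same bullet format, and adding a short check that a client outside those networks is refused. Two wording fixes in the same hunk: "this is here I define" should read "this is where I define", and "I define to which upstream these domains are forwarded to" has a doubled "to" (for example "I define the upstream these domains are forwarded to").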