78
HTTPS on homelab (just locally)
(lemmy.world)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 07 Jul 2024
78 points (98.8% liked)
Selfhosted
37939 readers
430 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 1 year ago
MODERATORS
Reverse proxy and letsencrypt. Doing custom certificates is more difficult and you would need to install and trust the certificate on all devices.
This assumes ownership of a domain if I'm not mistaken.
Otherwise, yes this is the easiest way.
There are dyndns providers that support the DNS challenge that have free tiers. Those are sufficient, and you can even get wildcard certs for your subdomain that way. Perfectly sufficient for a homelab.
desec.io
Yes exactly. I didn't wanna name-drop them cause they are closed for new dynDNS signups. You can create an account to manage your own domain, but you currently can't signup for their dynDNS service, unfortunately.
That being said, I would still highly recommend them for managing your own domain, if you're looking for a place to host literally just the DNS part.
If needed you could use a subdomain from a free dyndns provider. And if you're going to be self hosting stuff having your own domain is probably good anyway.
I agree. Get a domain name, point it to the internal address of your NGINX Proxy manager (or other reverse proxy that manages certificates that you are used to). A bit of work initially, then trivial to add services afterwards.
I didn't really need encryption for my internal services (although I guess that's good), but I kept getting papercuts with browser warnings, not being able to save passwords, and some services (eg container repository on Forgejo) just flat out refusing to trust a http connection.
Yeah I guess installing a root CA cert (or an Intermediate, depending on how complex your setup is) and automatically rotating certs upon expiry isn't the most trivial thing. With that said, dekstop linux/windows isn't a problem. You could theoretically do it on iOS too. Android recently has completely broken this method, however, and there's a fair few hoops one must jump over to insert a root CA into the Android trust store on Android 13 and later. I'd like find a way to do it just for browsers on Android using adb if possible