this post was submitted on 09 Aug 2023
Selfhosting
Pretty much everyone uses Let's Encrypt for their certs. They are free, and often built into your reverse proxy.
Since you have multiple services, I'll assume you have a reverse proxy set up. So just google Let's Encrypt and the name of your reverse proxy and you should find a tutorial.
I'm not sure how using DynDNS impacts on this. If you have your own domain, use Cloudflare Tunnels. You install the software on your server, and it keeps a connection to Cloudflare. No port forwarding, no problems with IP addresses, you can use it behind CGNAT. It also will provide SSL for you for the browser to Cloudflare part, but I highly recommend still setting up Let's Encrypt for the Cloudflare to Server part.
I don't use DynDNS but I do have two HAProxy servers, one locally and the other on a VPS. The VPS has a cron job that renews the certs every three weeks, and my local server rsyncs them to the right place every so often.
Then, on my Pi-hole I send requests for my services to the local IP but on the same domain. Because the certs are looking at the domain name and not the IP, the cert is valid both on my LAN and from the Internet.
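
A setup like the one in the comment above fails quietly if the renewal or the sync stops, so the copied certificate is worth checking on the local proxy. This is an added example, not part of the thread: the function name `cert_ok`, the hostname `svc.example.test` and the file path are placeholders, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the thread): check a synced certificate file.
# cert_ok CERT_PEM NAME MIN_DAYS
#   returns 0 if the certificate covers NAME and stays valid for MIN_DAYS,
#   1 if it is close to expiry or unparsable, 2 if the file is unreadable,
#   3 if the certificate does not cover NAME.
cert_ok() {
    cert=$1 name=$2 min_days=$3
    if [ ! -r "$cert" ]; then
        echo "cannot read $cert" >&2
        return 2
    fi
    # -checkend takes seconds and exits non-zero if the cert expires within them.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "$cert expires within $min_days days or cannot be parsed" >&2
        return 1
    fi
    # -checkhost prints "does match" or "does NOT match"; test the text it prints.
    if ! openssl x509 -in "$cert" -noout -checkhost "$name" \
            | grep -q 'does match certificate'; then
        echo "$cert does not cover $name" >&2
        return 3
    fi
    return 0
}

# Usage (placeholder path and name): sh cert_ok.sh /path/to/cert.pem svc.example.test 14
if [ "$#" -eq 3 ]; then
    cert_ok "$@"
fi
```

Run against the service's domain name it passes on both the LAN and the Internet side; run against a bare LAN IP it returns 3, which is the name-versus-IP behaviour the comment relies on.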