this post was submitted on 16 Mar 2024
12 points (100.0% liked)

Selfhosted

40437 readers
623 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I feel like I have a doozy of a complicated issue and am looking for some guidance.

I'm new to Selfhosting so I got myself an off-the-shelf Asustor NAS. It's got apps which is cool, so I've installed Jellyfin. I want to access my Jellyfin over the web so I've set up DDNS via my Asusstor Manual Connect and FreeDNS. This works well, I can access it over HTTP but the domain is... kind of long and unpleasant, so I got myself a "pretty" domain and setup a CNAME to the FreeDNS. I'm port forwarding on my router, everything works, so far so good.

To make it overtly complicated, I want to make the connection HTTPS. This is where I'm struggling. I've set up the SSL cert for my "pretty" domain via Lets Encrypt, but it times out. I'm not sure if, or how I can make the FreeDNS HTTPS or covered under my Lets Encrypt cert since I don't technically own the FreeDNS domain. My provider doesn't give my any wildcard options on the "pretty" domains cert either.

I've got the HTTPS set on my Asustor and Jellyfin based on the "pretty" domains SSL cert. I've got my port-forwarding 443 to Jellyfins suggested HTTPS port on my router. I feel like the lynchpin is the FreeDNS subdomain handing off the DDNS request but I'm not sure how to solve it. Any suggestions on how I can get this setup to work? Anyone else run a similar setup where they access their local X port via the web via HTTPS?

Open to similar experiences, suggestions, ideas, pretty much anything at this point.

you are viewing a single comment's thread
view the rest of the comments
[–] ProtecyaTec 1 points 8 months ago* (last edited 8 months ago) (1 children)

I do appreciate everyone's suggestions and help. Here's what I ended up doing.

FreeDNS via freedns.afraid.org as a DDNS Subdomain

Domain + Subdomain via hosting provider

Hosted Subdomain CNAME to the DDNS Subdomain

Setup DDNS using Asustor > Settings > Manual Connect and setting up a FreeDNS account and input the info it needed. Last DDNS update keeps coming back as Failure but FreeDNS keeps updating my IP so it seems to work, but for whatever reason Asustor doesn't think it's working.

Used openssl + certbot CLI tools to generate a certificate that covers all 3 cases: Hosted Subdomain, Hosted Domain, DDNS Subdomain. Looks like this:

certbot certonly --key-type rsa --rsa-key-size 2048 --manual --preferred-challenges dns -d hosteddomain.example -d subdomain.hosteddomain.example -d ddns.domain.example

This will set up verification codes that you can create TXT records for on the Hosted Domain and the DDNS Domain. I had to contact FreeDNS to get access to add text records with underscores but they were cool and quick to reply. They look like this:

_acme-challenge.hosteddomain.example
8suZTccF9ZpB0fnBr9mgEEXTcX7cqSkDXiBzucTcOfw

Once the certificates are in place I uploaded them to my Hosted Domain and verified that my Hosted Domain was showing the SSL certificate / lock at HTTPS.

Next I logged into my Asustor and under Settings > Certificate Manager I added my SSL Certificates and assigned it as the primary certificate for the NAS.

Finally, I needed to enable SSL on my Jellyfin, which required a PFX file.

openssl pkcs12 --export -out "Z:\Path\To\PFXOutput\jellyfin.pfx" -inkey "Z:\Path\To\Cert\jellyfin.key" -in "Z:\Path\To\Cert\jellyfin.crt"

Under Jellyfin > Dashboard > Networking I enable HTTPS, Require HTTPS, give it the path to the PFX file and the PFX password, and Allow remote connections to the server. I disabled port forwarding from Jellyfin and had to jump into my router to remove the UPnP records it had previously added. All port numbers are default to Jellyfin and no URLs in the Server Address Settings.

Important to take note of the Jellyfin ports here for both HTTP and HTTPS requests. Important note to restart Jellyfin after this takes effect. Asustor has an App Central where under Installed Apps you can just turn it off and back on again.

Finally, I added Port Forwarding to my router so that the 443 looks for the Jellyfin HTTPS port and 80 looks for the Jellyfin HTTP port at my NAS IP.

Now I can access HTTPS subdomain.domain.example and land at my Dockered Jellyfin app.

[–] ProtecyaTec 1 points 8 months ago* (last edited 8 months ago)

I don't know if this will help anyone but damn is the documentation on how to do this kind of thing scarce so here I am. I was quite a struggle both learning all this and implementing it but it's been fun overall.

FreeDNS doesn't seem to have a way to add any kind of SSL Certs as far as I can tell. Not that I needed to, but when I tried explaining my situation to the hosting provider they suggested that the cert needed to be on the DDNS server.

I also couldn't get the Asustor Reverse Proxy to work either. Many of the tutorials and user suggestions i ran across suggested that this is the way to get SSL but when I tried to implement it I kept landing at my portal login and nothing was getting proxy'd. The netstat command was showing that whatever the reverse proxy port needed was not open - I also ran across this in a 2020+ thread on Asustor.

Right now I'll also need to manually update the certs and go through this process again in 3 months time. There might be a way to automate this process but it's a lot of steps that I'm not sure can be automated in this seeming (to me) flawed setup. In any case, it's been challenging but fun and I think in the next 6 months I'll upgrade out of Asustor and into a bigger server with a core Linux setup. I know nothing about Linux :)