I love my homelab, and the more I tune things the more satisfaction I have. I tolerated the “Your connection is not private” for my self-signed SSL certs on my services for way too long.
I just setup NGINX Proxy Manager as a LXC on my Proxmox Server and pointed a subdomain I own to the server. Now I have custom domains for each service along with valid SSL Certificates. It’s all local without exposing anything to the outside world. It’s very satisfying. I tried explaining what I was doing to my GF but she could care less ¯\_(ツ)_/¯
Followed this video from Wolfgang’s Channel YouTube (great channel btw), the first minute does a better job explaining the setup. I always thought I would have to setup a local CA which is more work than I was interested in, but this approach was much simpler (and free!).
Next step, CloudFlare proxy so you don’t leak your IP when accessing services.
And you can more safely host more public things like blogs.
I got this working as well and am super happy with it! I do have a few small issues though.
I have setup a wildcard cert to *.mydomain.dev pointing to my IP. Anyone can ping any of the subdomains and get my true IP because this setup requires me to have cloudflare setup dns only and if I set it to proxied, it doesn’t work.
The second issue I have is some of my applications are not too happy with the setup on https. CasaOS will fail to load the login page unless I clear the cache every time. Pterodactyl won’t let anyone externally get to a few of the pages. And a few more here and there I can’t remember.
I’ve followed this nginx proxy manager tutorial and a couple others to get it working to where it’s at now, but I can’t for the life of me figure out my above issues with my knowledge and experience.
If anyone has any knowledge or resources for these issues please let me know as I’ve wanted to fix this for a while.
Hey babe love how our http communications are secure locally now. Blow job and a back rub?
I am using caddy, which I thought was a one stop shop, but I’m getting errors for the certain trusted by my antivirus.
Interesting. I’m a noob - can you tell us if there were any complications or workarounds that the video didn’t cover?
There was actually, cloudflare seemed to not like 2nd level subdomains. So using a wildcard cert for
*.foo.bar.com
didn’t work for the setup as described in the video, but*.bar.com
did.The other thing was just specific to some of the services I use, like proxmox needed specific NGINX config that I mentioned in this comment. That was it really! DNS and NGINX isn’t that foreign to me so I was comfortable, but it was pretty simple IMO. Give it a shot!
I also suggest using this https://www.youtube.com/watch?v=BKCj6A4CHV4&t=1342s
That was the route I always thought I had to go, but it’s quite a bit more work/config. One day!
This is like seeking appreciation for breathing.
But, setting up your own offline root and intermediate issuing CAs is so much fun!
I too like my websites and web-based consoles to not pop up the https warning, so good on ya for getting that going
All my network devices have role based access via AD, and run through a RADIUS server. Most of my devices talk PEAP-MS-CHAPv2 for RADIUS auth, in a server per service environment like I have where the NPS server is separate from the DCs, a RAS & IAS cert on the NPS server is required for that communication.
When we were dating many years ago, my wife asked about some network concepts. I took it upon myself to draw out a network infrastructure on the white paper sheet covering the table. It was big with details. WTF was I thinking. She was a Dev so I wanted to flex. I think it worked 🤣
Congrats! Good job!
I have had local SSL and in house DNS servers for many years now, and I feel you because my wife couldn’t care less.
She does find it annoying and confusing when we are traveling and the bedroom light doesn’t switch off by itself 🤷 - our home is fully automated as well
Oh thanks for that, that was one of my next project, as I don’t like unencrypted packets going out through Tailgate to my phone (or worse my GF phone) for my Home Assistant setup…
It’s funny how most of questions are either already answered or get answered when I’m about to search. xD
Bravoooo
I wanted to do that aswell but was too stupid to figure out how. Guess I will give it another shor
10 points for the subject lmfao I’ll go read now … go easy on the gf, she probably rambles about makeup or skin care or something that makes your eyes gloss over
I wont appreciate you, because SSL certs stop being used years ago. TLS however…
While pedantically true, it’s still referred to as a SSL certificate in common usage.