I love my homelab, and the more I tune things the more satisfaction I have. I tolerated the “Your connection is not private” for my self-signed SSL certs on my services for way too long.
I just set up NGINX Proxy Manager as a LXC on my Proxmox Server and pointed a subdomain I own to the server. Now I have custom domains for each service along with valid SSL Certificates. It’s all local without exposing anything to the outside world. It’s very satisfying. I tried explaining what I was doing to my GF but she could care less ¯\_(ツ)_/¯
Followed this video from Wolfgang’s Channel on YouTube (great channel btw), the first minute does a better job explaining the setup. I always thought I would have to set up a local CA which is more work than I was interested in, but this approach was much simpler (and free!).
I use HAProxy on pfSense with wildcard Let’s Encrypt certs and a firewall rule only to allow connections from the WAN IP Address.
It’s really easy and requires no certificates on the target servers.
My setups are similar. HAProxy as an SSL terminator for all domains. Unencrypted proxy to the services after that. Nginx can use v2 proxy which is nice.
I have a bunch of scripts that collect all the domains and then generate / renew the certs with acme.sh. HAProxy can reload certs with no downtime as well.