I love my homelab, and the more I tune things the more satisfaction I have. I tolerated the “Your connection is not private” for my self-signed SSL certs on my services for way too long.

I just setup NGINX Proxy Manager as a LXC on my Proxmox Server and pointed a subdomain I own to the server. Now I have custom domains for each service along with valid SSL Certificates. It’s all local without exposing anything to the outside world. It’s very satisfying. I tried explaining what I was doing to my GF but she could care less ¯\_(ツ)_/¯

Followed this video from Wolfgang’s Channel YouTube (great channel btw), the first minute does a better job explaining the setup. I always thought I would have to setup a local CA which is more work than I was interested in, but this approach was much simpler (and free!).

  • jaredearle@alien.topB
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    I use HAProxy on pfSense with wildcard LetsEncrypt certs and a firewall rule only to allow connections from the WAN IP Address.

    It’s really easy and requires no certificates on the target servers.

    • CodeTheStars@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      My setups are similar. HAProxy as an SSL terminator for all domains. Unencrypted proxy to the services after that. Nginx can use v2 proxy which is nice.

      I have a bunch of scripts that collect all the domains and then generate / renew the certs with acme.sh . HAProxy can reload certs with no downtime as well.