I love my homelab, and the more I tune things the more satisfaction I have. I tolerated the “Your connection is not private” for my self-signed SSL certs on my services for way too long.

I just setup NGINX Proxy Manager as a LXC on my Proxmox Server and pointed a subdomain I own to the server. Now I have custom domains for each service along with valid SSL Certificates. It’s all local without exposing anything to the outside world. It’s very satisfying. I tried explaining what I was doing to my GF but she could care less ¯\_(ツ)_/¯

Followed this video from Wolfgang’s Channel YouTube (great channel btw), the first minute does a better job explaining the setup. I always thought I would have to setup a local CA which is more work than I was interested in, but this approach was much simpler (and free!).

  • kaiwulf@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    But, setting up your own offline root and intermediate issuing CAs is so much fun!

    I too like my websites and web-based consoles to not pop up the https warning, so good on ya for getting that going

    All my network devices have role based access via AD, and run through a RADIUS server. Most of my devices talk PEAP-MS-CHAPv2 for RADIUS auth, in a server per service environment like I have where the NPS server is separate from the DCs, a RAS & IAS cert on the NPS server is required for that communication.