this post was submitted on 20 Dec 2024
38 points (91.3% liked)

Selfhosted

60366 readers
896 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 
  • Use cloudflare to get an api token
  • Set an a record for a wildcart cert *.domain.com pointing towards your servers local IP such as 192.168.0.1, turn off cloudflare proxy
  • Go into NPM and setup the SSL cert using dns challenge and your api token
  • setup a proxy host user your subdomain.domain.com pointing towards your docker container
  • key step!!!! make sure you do not have conflicting ports 80 and 443 on your machine. On unraid the device management ports are set to this, but for NPM to do local proxies, it needs access to these ports.
you are viewing a single comment's thread
view the rest of the comments
[–] solrize@lemmy.world 5 points 2 years ago (1 children)

Proxy host out on the public internet? Usually I just use a local private CA for this, and install the CA root in my browser.

[–] ComradeMiao@lemmy.dbzer0.com 1 points 2 years ago (1 children)

Cloudflare is only providing the letsencrypt cert.

Could you explain/link your method? :)

[–] solrize@lemmy.world 5 points 2 years ago

I don't bother with a proxy host or with LetsEncrypt, though I guess you could use LetsEncrypt perfectly well. Back when I was doing this, LetsEncrypt didn't exist and you had to actually pay for public certificates, so using locally generated free ones saved money. It also had a minor(?) security advantage in that if the private server key somehow leaked, it wouldn't let people impersonate our internet domain.

For the private CA I simply used the crappy CA.pl script that comes with OpenSSL or did at the time. There are much better ways to do it, especially at any kind of scale, but CA.pl sufficed dealing with a few development machines.