this post was submitted on 15 Apr 2025
22 points (92.3% liked)

Selfhosted

60588 readers
1445 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

I have a domain that requires HSTS preload. I want to self host a few things using that domain (and subdomains), like nextcloud, pihole, and vaultwarden. How much of an issue is HSTS preload going to be if I do that? Will I need to set up a wildcard cert for everything? Or will it just work™️ because it's internal or traffic is through a VPN?

I can't find much about this so any help would be appreciated!

you are viewing a single comment's thread
view the rest of the comments
[–] wildbus8979@sh.itjust.works 1 points 1 year ago* (last edited 1 year ago) (1 children)

Give those domains their own let's encrypt certificate?

Why is your domain HSTS preloaded?

[–] wraith@lemmy.ca 2 points 1 year ago* (last edited 1 year ago) (1 children)

Google is the registry that owns the rights to the TLD. They require all of the domains they control to have HSTS preload enabled.

[–] wildbus8979@sh.itjust.works 3 points 1 year ago* (last edited 1 year ago) (1 children)

Then yeah, VPN or not, you're going to need to enable TLS. What's the issue with giving your subdomains a certificate?

[–] wraith@lemmy.ca 1 points 1 year ago (1 children)

I am fairly new to self hosting and just wanted to know if this was a big enough deal that I should just get a domain that doesn't require HSTS preload. It's one thing to tinker with an IP address on a local network for some unimportant project; it's just intimidating to try it for real using a domain and hosting my own data.

I'm just a little nervous tbh. Thanks for the help!

[–] wildbus8979@sh.itjust.works 2 points 1 year ago

Not much to be nervous about, you can't fuck it up anymore than it already is since the HSTS is preloaded ;) ACME/Let'sEncrypt is pretty easy to setup