Self-Hosted Main

504 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

communick@selfhosted.forum

Question about NPM: Why does choosing "https" not work for https? (alien.top)

submitted 1 year ago by MalcolmY@alien.top to c/main@selfhosted.forum

2 comments fedilink hide all child comments

In Nginx Proxy Manager (NPM) when you set up a proxy you have to choose "scheme", either http or https. If you choose "https" for an "https" link, it doesn't work! The website returns and error.

Today I spent a very long time setting up Vaultwarden. Even though I don't plan to expose it to the public internet, I had to get an SSL certificate because the thing wouldn't register/login without it. I setup everything right, it didn't work until I changed that "scheme" option over from "https" to "http"?

So, if I want to setup a proxy that has: SSL certificate, force SSL, and will be visited through "https://", why would it only work with that http option?

you are viewing a single comment's thread
view the rest of the comments

[–] skbo@lu.skbo.net 1 points 1 year ago

The informations you enter in the detail panel are the ones you need to access the service.

Say, you have a default installation of Vaultwarden on the port 1234, you can access it directly, in http, with the URL http://hostname:1234, and therefore, you will need to configure NPM so that the new proxy host access the service with the http scheme, on the hostname host, with the port 1234.

Now, you change your installation of Vaultwarden, and add all the necessary TSL public and private keys that it requires, then you will need to directly access your instance with the https scheme, on the https://hostname:1234 URL, so that the TLS handshake can be performed and a secure connection can be made. The NPM configuration then will need to use the https scheme as well to access the service, otherwise, NPM won't be able to properly connect to the service and it will fail.

That's for the "internal" part of your configuration. You can still provide a service with TLS certifications, force TLS and everything, that will be for the external part of your service. If you trust your network, the communication inside it, or the device that holds all your services, it's totally fine to use an http scheme to access your service internally. But if you have to access it through a network that you don't trust, say, all the communications are unencrypted, and your NPM host is not the same as your Vaultwarden one, then you should definitely go through the hassle of setting up all the TLS encryption directly inside Vaultwarden first, and access it only with the https scheme.