this post was submitted on 30 Jul 2023
98 points (94.5% liked)
Selfhosted
60093 readers
965 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam.
-
Posts here are to be centered around self-hosting. Please ensure it is clear in your post how it relates to self-hosting.
-
Don't duplicate the full text of your blog or git here. Just post the link for folks to click.
-
Submission headline should match the article title.
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Try a reverse proxy (like the nginx-proxy-manager)
Like the peer comment mentioned. just drop nginx in front and let it so the TLS handoff. always recommend to put nginx in front of any open source docker project as you can finetune many of the security controls there.
Why don’t you use LetsEncrypt? You shouldn’t be self signing certs these days
If you own a domain name you can use DNS challenge for obtaining the ssl cert, no need to open ports to get a cert issued. Nginx proxy manager has this feature built in and has support for many DNS name registrars.
Do those restrictions cause issues with getting certs from Let's Encrypt?
Getting certs from Let's Encrypt should work fine with any provider, even if you can't open any ports, since they do support DNS challenge.
It definitely does. I have some internal-only sites that use Let's Encrypt certificates. I use acme-dns and Certbot.