this post was submitted on 16 Nov 2023
4 points (100.0% liked)
Self-Hosted Main
502 readers
1 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I have a registered domain and my lan domain is "int.registereddomain.com". This way I can use letsencrypt etc for my internal hosts (*.int.registereddomain.com via dns challenge). The actual dns for my internal domain itself is not public but static records in pihole.
I did something similar, though I've done a slight bifurcation-
*.i.domain.tld -> the actual internal host/IP (internal dns is adguard)
*.domain.tld all resolve internally using a DNS rewrite to a keepalived VIP that's shared between a few hosts serving caddy that handle automatic wildcard cert renewals / SSL / reverse proxy.
While I talk to things via *.domain.tld, a lot of my other services also talk to each other through this method - having some degree of reverse proxy HA was kinda necessary after introducing this sort of dependency.
Can I ask why this is done over something like hosting your own certificate authority? I’m quite new to all this DNS stuff
If you own your own domain, the lifecycle toolchain to request, renew, deliver certs around a variety of cert authorities (letsencrypt is a popular one) makes it really easy, along with not having to worry about hosting an internal CA but more importantly dealing with distributing root certs to client devices that would need to trust it.
I've used https://github.com/acmesh-official/acme.sh as a one-off for updating my Synology's https certificate (two lines - one fetch, one deploy - finishes in 20 seconds and can be cron'd to run monthly) and Caddy natively handles the entire lifecycle for me (i use cloudflare for my domain registrar which makes it both free and a snap to handle TXT challenge requests).
Certbot is another popular one.
Hmm I thought when I add tls internal to my reverse proxy rule for local domains, it does not get letsencrypt certs. But when I leave it out of the Caddyfile rule, it gets reachable from outside of the local network. How do I use your recommondation? Using a .home.lab domain locally with a DNS name resolve for every single local subdomain (dashboard.home.lab, grafana.home.lab, etc) right now with a caddy managing the outside and the inside reverse proxy work
Same here, I've got surname.com registered and use static DHCP with entries on Cloudflare for router.surname.com and fileserver.surname.com and grafana.surname.com etc. all with valid certs via letsencrypt.
I want to do this, but I have no clue how to set it up on Asustor AS6706T. I’ve got a bunch of docker apps up and running and I’d like to simplify stuff with subdomains and better ssl. The whole self signed stuff is just a whole project in itself to work right.