7
How are people doing HTTPS?
(kbin.social)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 09 Aug 2023
7 points (100.0% liked)
Selfhosting
3 readers
1 users here now
All things selfhosting and homelab related Resources: - https://github.com/awesome-selfhosted/awesome-selfhosted - https://github.com/awesome-foss/awesome-sysadmin
founded 1 year ago
You don't have to expose Nginx publicly. It can exist privately on your network. I have my own domain and DNS server internally. For example
nginx.home.datallboy.comandjellyfin.home.datallboy.comwill resolve to NPM server at192.168.1.10. Then nginx can listen forjellyfin.home.datallboy.com, and proxy those connections to my Jellyfin VM at192.168.1.20.Since I own my domain (
datallboy.com), I let Nginx Proxy Manager do DNS challenge which is only used to authenticate that I own the domain. This will insert a TXT record on public DNS records for verification, and it can be removed afterwards. LetsEncrypt will then issue a certificate forhttps://jellyfin.home.datallboy.comwhich I can only access locally on my network since it only resolves to private IP addresses. The only thing "exposed" is that LetsEncrypt issued a certificate to your domain, which isn't accessible to the internet anyways.You do not have to create your own CA server.