datallboy ,

Let's Encrypt provides free certificates. I would set up Nginx Proxy Manager and use the DNS challenge with your dyndns provider to get HTTPS on your home services.

ripcord ,

My problem - and I'm not alone - is that I really don't want to expose anything publicly. Is there a way to do this without exposing anything to the Internet?

Croquette ,

I am new at this, but from my understanding, if you want to not expose anything to the internet, you would need to create your own CA server to create your own certificates and have the necessary encryption certs for your own HTTPS on your home lab.

ripcord ,

That's essentially what I ended up having to do, but keep hoping that I've missed something.

I also find that people seem to ignore this route, assuming people are fine with public DNS pointing at your home IP and HTTP/HTTPS ports open.

wagesj45 ,

Gotta live on the edge, man. Open up your router. All ports. Firewalls are for pansies. Connect your laptop directly to the modem. Enable SSH and RDP. What could go wrong?

Croquette ,

You can set up a VPS between the internet and your home network to limit the exposure of your home network. When a client pings yourdomain.com, it sees the IP of the VPS and not the IP of your home network.

Otherwise, a VPN + home CA server will make your home network accessible and encrypted as well.

datallboy ,

You don’t have to expose Nginx publicly. It can exist privately on your network. I have my own domain and DNS server internally. For example, nginx.home.datallboy.com and jellyfin.home.datallboy.com will resolve to the NPM server at 192.168.1.10. Then nginx can listen for jellyfin.home.datallboy.com, and proxy those connections to my Jellyfin VM at 192.168.1.20.

Since I own my domain (datallboy.com), I let Nginx Proxy Manager do the DNS challenge, which is only used to authenticate that I own the domain. This will insert a TXT record on public DNS records for verification, and it can be removed afterwards. Let's Encrypt will then issue a certificate for https://jellyfin.home.datallboy.com which I can only access locally on my network since it only resolves to private IP addresses. The only thing “exposed” is that Let's Encrypt issued a certificate to your domain, which isn’t accessible to the internet anyways.

You do not have to create your own CA server.

julle ,

I have a public domain that I only use internally on my home network. I have a local DNS server that handles all my internal DNS records. So I just point my DNS records to my nginx proxy manager's local IP address and let it create certs using DNS Challenge. So I don't need to expose anything external to make it work.
