this post was submitted on 07 Jul 2024
78 points (98.8% liked)

Selfhosted

40183 readers
608 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

I want my self hosted things to use https. For example, I have Jellyfin installed via docker, and I want it to use https instead of http.

I don't care about necessarily doing this the "right" way, as I won't be making Jellyfin or any other service public, and will only be using it on my local network.

What is the easiest way to do this? Assume everything I host is in docker. Also a link to a tutorial would be great.

Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 32 points 4 months ago (3 children)

Reverse proxy and letsencrypt. Doing custom certificates is more difficult and you would need to install and trust the certificate on all devices.

[–] [email protected] 8 points 4 months ago (2 children)

This assumes ownership of a domain if I'm not mistaken.

Otherwise, yes this is the easiest way.

[–] [email protected] 9 points 4 months ago (1 children)

There are dyndns providers that support the DNS challenge that have free tiers. Those are sufficient, and you can even get wildcard certs for your subdomain that way. Perfectly sufficient for a homelab.

[–] [email protected] 1 points 4 months ago (1 children)
[–] [email protected] 2 points 4 months ago

Yes exactly. I didn't wanna name-drop them cause they are closed for new dynDNS signups. You can create an account to manage your own domain, but you currently can't signup for their dynDNS service, unfortunately.

That being said, I would still highly recommend them for managing your own domain, if you're looking for a place to host literally just the DNS part.

[–] [email protected] 9 points 4 months ago

If needed you could use a subdomain from a free dyndns provider. And if you're going to be self hosting stuff having your own domain is probably good anyway.

[–] [email protected] 1 points 4 months ago

Yeah I guess installing a root CA cert (or an Intermediate, depending on how complex your setup is) and automatically rotating certs upon expiry isn't the most trivial thing. With that said, dekstop linux/windows isn't a problem. You could theoretically do it on iOS too. Android recently has completely broken this method, however, and there's a fair few hoops one must jump over to insert a root CA into the Android trust store on Android 13 and later. I'd like find a way to do it just for browsers on Android using adb if possible

[–] [email protected] 1 points 4 months ago

I agree. Get a domain name, point it to the internal address of your NGINX Proxy manager (or other reverse proxy that manages certificates that you are used to). A bit of work initially, then trivial to add services afterwards.

I didn't really need encryption for my internal services (although I guess that's good), but I kept getting papercuts with browser warnings, not being able to save passwords, and some services (eg container repository on Forgejo) just flat out refusing to trust a http connection.