I want my self hosted things to use https. For example, I have Jellyfin installed via docker, and I want it to use https instead of http.
I don’t care about necessarily doing this the “right” way, as I won’t be making Jellyfin or any other service public, and will only be using it on my local network.
What is the easiest way to do this? Assume everything I host is in docker. Also a link to a tutorial would be great.
Thanks!
The easiest way to do it is to do it the right way with LetsEncrypt. The hardest way to do it is the wrong way, where you create your own CA, import it as a root CA into all of the machines you’ll be accessing your servers from, then create and sign your own certs using your CA to use in your servers.
Yes, LetsEncrypt with DNS-01 challenge is the easiest way to go. Be it a single wildcard for all hosts or not.
Running a CA is cool however, just be aware of the risks involved with running your own CA.
You’re adding a root certificate to your systems that will effectively accept any certificate issued with your CA’s key. If your PK gets stolen somehow and you don’t notice it, someone might be issuing certificates that are valid for those machines. Also real CA’s also have ways to revoke certificates that are checked by browsers (OCSP and CRLs), they may employ other techniques such as cross signing and chains of trust. All those make it so a compromised certificate is revoked and not trusted by anyone after the fact.
This, letsencrypt with dns challenge, https://desec.io/ to manage the dns records https://github.com/go-acme/lego or traefik to manage the certificates and do the dns challenges for you.
Nginx Proxy Manager is awesome for managing certificates. I have all of my services running behind it.
I also use this and can recommend it
With caddy you can easily set up a local issued certificate for https. It would shine a nice warming on your browser unless you install the CA certificate on the computer you use to visit the site though.
https://caddyserver.com/docs/automatic-https#local-https
This is the easiest way I know how to do it. Caddy takes almost no configuration to get working.
Removed by mod
Just be aware of the risks involved with running your own CA.
Removed by mod
SMTP with good delivery and whatnot is entirely possible it just takes an IP with a good reputation and enough patience to read and understand the ISPmail guide and a few other details. Running a CA is a security vulnerability and a major pain if you plan to deploy it to the devices of your entire family.
Removed by mod
It’s pretty easy to do, I set it up using this guide: https://www.youtube.com/watch?v=qlcVx-k-02E
I used the same guide and it works great.
https://lemmy.world/comment/10089750
This is how I did it.
