I want my self hosted things to use https. For example, I have Jellyfin installed via docker, and I want it to use https instead of http.

I don’t care about necessarily doing this the “right” way, as I won’t be making Jellyfin or any other service public, and will only be using it on my local network.

What is the easiest way to do this? Assume everything I host is in docker. Also a link to a tutorial would be great.

Thanks!

  • seang96A
    link
    fedilink
    English
    arrow-up
    32
    ·
    7 days ago

    Reverse proxy and letsencrypt. Doing custom certificates is more difficult and you would need to install and trust the certificate on all devices.

    • AbidanYre@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      7 days ago

      This assumes ownership of a domain if I’m not mistaken.

      Otherwise, yes this is the easiest way.

      • Creat@discuss.tchncs.de
        link
        fedilink
        English
        arrow-up
        9
        ·
        7 days ago

        There are dyndns providers that support the DNS challenge that have free tiers. Those are sufficient, and you can even get wildcard certs for your subdomain that way. Perfectly sufficient for a homelab.

          • Creat@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            2
            ·
            6 days ago

            Yes exactly. I didn’t wanna name-drop them cause they are closed for new dynDNS signups. You can create an account to manage your own domain, but you currently can’t signup for their dynDNS service, unfortunately.

            That being said, I would still highly recommend them for managing your own domain, if you’re looking for a place to host literally just the DNS part.

      • jonne@infosec.pub
        link
        fedilink
        English
        arrow-up
        9
        ·
        7 days ago

        If needed you could use a subdomain from a free dyndns provider. And if you’re going to be self hosting stuff having your own domain is probably good anyway.

      • seang96A
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 days ago

        That is correct, the domain would need to be purchased in this case.

    • Findmysec@infosec.pub
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 days ago

      Yeah I guess installing a root CA cert (or an Intermediate, depending on how complex your setup is) and automatically rotating certs upon expiry isn’t the most trivial thing. With that said, dekstop linux/windows isn’t a problem. You could theoretically do it on iOS too. Android recently has completely broken this method, however, and there’s a fair few hoops one must jump over to insert a root CA into the Android trust store on Android 13 and later. I’d like find a way to do it just for browsers on Android using adb if possible

    • thirdBreakfast@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 days ago

      I agree. Get a domain name, point it to the internal address of your NGINX Proxy manager (or other reverse proxy that manages certificates that you are used to). A bit of work initially, then trivial to add services afterwards.

      I didn’t really need encryption for my internal services (although I guess that’s good), but I kept getting papercuts with browser warnings, not being able to save passwords, and some services (eg container repository on Forgejo) just flat out refusing to trust a http connection.