I want my self hosted things to use https. For example, I have Jellyfin installed via docker, and I want it to use https instead of http.
I don’t care about necessarily doing this the “right” way, as I won’t be making Jellyfin or any other service public, and will only be using it on my local network.
What is the easiest way to do this? Assume everything I host is in docker. Also a link to a tutorial would be great.
Thanks!
Reverse proxy and letsencrypt. Doing custom certificates is more difficult and you would need to install and trust the certificate on all devices.
This assumes ownership of a domain if I’m not mistaken.
Otherwise, yes this is the easiest way.
There are dyndns providers that support the DNS challenge that have free tiers. Those are sufficient, and you can even get wildcard certs for your subdomain that way. Perfectly sufficient for a homelab.
desec.io
Yes exactly. I didn’t wanna name-drop them cause they are closed for new dynDNS signups. You can create an account to manage your own domain, but you currently can’t signup for their dynDNS service, unfortunately.
That being said, I would still highly recommend them for managing your own domain, if you’re looking for a place to host literally just the DNS part.
If needed you could use a subdomain from a free dyndns provider. And if you’re going to be self hosting stuff having your own domain is probably good anyway.
That is correct, the domain would need to be purchased in this case.
Yeah I guess installing a root CA cert (or an Intermediate, depending on how complex your setup is) and automatically rotating certs upon expiry isn’t the most trivial thing. With that said, dekstop linux/windows isn’t a problem. You could theoretically do it on iOS too. Android recently has completely broken this method, however, and there’s a fair few hoops one must jump over to insert a root CA into the Android trust store on Android 13 and later. I’d like find a way to do it just for browsers on Android using adb if possible
I agree. Get a domain name, point it to the internal address of your NGINX Proxy manager (or other reverse proxy that manages certificates that you are used to). A bit of work initially, then trivial to add services afterwards.
I didn’t really need encryption for my internal services (although I guess that’s good), but I kept getting papercuts with browser warnings, not being able to save passwords, and some services (eg container repository on Forgejo) just flat out refusing to trust a http connection.