I have a PC I have installed Portainer on, with various docker services (home assistant, jellyfin, etc…) with an ISP supplied router fixing various device IP addresses and reaching out to dyndns.

I really want to move everything over to HTTPS connections by supplying certificates, tls termination, etc.
The issue I have is self signed certificates mean I have to manage certificate deployment to everything in the house.

I figure I need to link a domain to the DynDNS entry and arrange certs for the domain. However I can’t make the link function and everywhere wants >£100 to generate a certificate.

How are people solving this issue?

  • Bldck@beehaw.org · 1 upvote · 1 year ago
    1. Cloudflare free tier
    2. Cloudflare wildcard cert (I use one domain with many subdomains)
    3. Docker container for dyndns to cf
    4. Nginx proxy manager
  • nalyd@sh.itjust.works · 1 upvote · 1 year ago

    Look up Let’s Encrypt and their tool Certbot. They generate free https certs. Though I’m less sure about if you can use it on dyndns? You may need to buy a domain name and CNAME it to your dyndns name. I like Namecheap for domain names though if you’re new to the concept.

    There’s a rabbit hole of consequences and alternatives to what I just wrote though. Does dyndns hide your home IP? I’m not sure tbh

    • stevecrox@kbin.social (OP) · 0 upvotes · 1 year ago

      Is there any guide on the CName stuff?

      I setup a simple hello world which could be accessed via the dyndns address, but the cname settings would error

      • nalyd@sh.itjust.works · 1 upvote · edited · 1 year ago

        It would come down to the specific DNS provider you’re using and what their GUI is like. In theory CNAMEs are dead simple though.

        DNS names are just stored as text, so if you use tools like mxtoolbox you can see the DNS records for a given site. Following the standard text format, a CNAME formatted like below would create www.example.net that would use the IP address from www.example.com

        www.example.net. CNAME www.example.com.
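To show what the record above actually does when a resolver looks it up, here is an added example (my code, not nalyd's or anyone else's in the thread): a tiny resolver over a constructed in-memory zone that follows CNAME chains the way a recursive resolver does. All names and addresses are constructed (example.com/example.net and the 203.0.113.0/24 documentation range), and the zone deliberately includes the three ways a CNAME setup usually "errors": a dangling target, a loop, and a CNAME sitting beside other records at the same name.

```python
# Added example, not part of the thread: a tiny resolver over a constructed
# in-memory zone that follows CNAME chains the way a recursive resolver does.
import ipaddress

# Constructed zone in the "owner TYPE rdata" text form the comment describes.
# Addresses are from the 203.0.113.0/24 documentation range.
SAMPLE_ZONE = """
; www.example.net borrows the address of www.example.com via a CNAME
www.example.com.    A      203.0.113.10
www.example.net.    CNAME  www.example.com.
alias.example.net.  CNAME  www.example.net.    ; a chain of two CNAMEs
dangling.example.   CNAME  nowhere.example.    ; target has no records
loop-a.example.     CNAME  loop-b.example.
loop-b.example.     CNAME  loop-a.example.
"""


def normalise(name):
    """Lower-case a name and give it the trailing dot a zone file uses."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def parse_zone(text):
    """Parse 'owner TYPE rdata' lines into {owner: [(TYPE, rdata), ...]}.
    Blank lines and ';' comments are skipped."""
    records = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        records.setdefault(normalise(owner), []).append((rtype.upper(), rdata.strip()))
    return records


def resolve(records, name, max_hops=8):
    """Follow CNAMEs from `name`; return (final_name, [addresses], chain).
    Raises LookupError for the failure modes a mis-set CNAME produces:
    a dangling target, a loop, or a name that holds a CNAME plus other
    data (RFC 1034 allows a CNAME owner no other records)."""
    chain = [normalise(name)]
    while True:
        current = chain[-1]
        rrs = records.get(current, [])
        cnames = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if cnames:
            if len(rrs) > 1:
                raise LookupError(f"{current} holds a CNAME plus other records (not allowed)")
            target = normalise(cnames[0])
            if target in chain:
                raise LookupError("CNAME loop: " + " -> ".join(chain + [target]))
            if len(chain) >= max_hops:
                raise LookupError(f"CNAME chain longer than {max_hops} hops")
            chain.append(target)
            continue
        addrs = [rdata for rtype, rdata in rrs if rtype in ("A", "AAAA")]
        if not addrs:
            kind = "dangling CNAME target" if len(chain) > 1 else "no such name"
            raise LookupError(f"{current}: {kind}")
        for addr in addrs:
            ipaddress.ip_address(addr)  # reject malformed rdata
        return current, addrs, chain


def explain(records, name):
    """Return a one-line description of the lookup, or 'error: ...'."""
    try:
        final, addrs, chain = resolve(records, name)
    except LookupError as exc:
        return f"error: {exc}"
    return f"{' -> '.join(chain)} = {', '.join(addrs)}"


if __name__ == "__main__":
    zone = parse_zone(SAMPLE_ZONE)
    for q in ("www.example.net", "alias.example.net", "dangling.example", "loop-a.example"):
        print(explain(zone, q))
```

Running it prints the chain for `www.example.net` ending at `203.0.113.10`, and an `error:` line for the dangling and looping names. When a provider's GUI refuses a CNAME, it is usually enforcing the same rule as the `len(rrs) > 1` check: the name you are aliasing already has an A record (or is the zone apex), so the CNAME has to go on a fresh subdomain.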

  • gabriele97@lemmy.g97.top · 1 upvote · 1 year ago

    You can use let’s encrypt or you can use certificates given by Cloudflare if you have a domain managed with Cloudflare itself

    • ripcord@kbin.social · 0 upvotes · 1 year ago

      My problem - and I’m not alone - is that I really don’t want to expose anything publicly. Is there a way to do this without exposing anything to the Internet?

      • datallboy@lemmy.techhaven.io · 2 upvotes · 1 year ago

        You don’t have to expose Nginx publicly. It can exist privately on your network. I have my own domain and DNS server internally. For example nginx.home.datallboy.com and jellyfin.home.datallboy.com will resolve to NPM server at 192.168.1.10. Then nginx can listen for jellyfin.home.datallboy.com, and proxy those connections to my Jellyfin VM at 192.168.1.20.

        Since I own my domain (datallboy.com), I let Nginx Proxy Manager do DNS challenge which is only used to authenticate that I own the domain. This will insert a TXT record on public DNS records for verification, and it can be removed afterwards. LetsEncrypt will then issue a certificate for https://jellyfin.home.datallboy.com which I can only access locally on my network since it only resolves to private IP addresses. The only thing “exposed” is that LetsEncrypt issued a certificate to your domain, which isn’t accessible to the internet anyways.

        You do not have to create your own CA server.

      • julle@kbin.juhlin.network · 1 upvote · 1 year ago

        I have a public domain that I only use internally on my home network. I have a local DNS server that handles all my internal DNS records. So I just point my DNS records to my nginx proxy manager’s local IP address and let it create certs using DNS Challenge. So I don’t need to expose anything external to make it work.
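Both datallboy and julle rely on the DNS challenge: the only thing that ever touches the public internet is a TXT record, and nothing on the home network is reachable. To make concrete what that TXT record contains and why it proves domain control, here is an added example that is my own code, not Nginx Proxy Manager's, Certbot's or either poster's: it implements the arithmetic of an ACME DNS-01 challenge as specified in RFC 8555 (sections 8.1 and 8.4) and RFC 7638 (JWK thumbprint). The account key, token and hostname are constructed placeholders; a real client would use its own account key and the token the CA sends.

```python
# Added example, not part of the thread and not Nginx Proxy Manager's or
# Certbot's own code: the arithmetic behind an ACME DNS-01 challenge
# (RFC 8555 sections 8.1 and 8.4, RFC 7638 for the key thumbprint).
import base64
import hashlib
import hmac
import json

# Constructed account key in JWK form. The x/y values are placeholders, not
# a real P-256 point; only the canonical form matters for the thumbprint.
SAMPLE_ACCOUNT_JWK = {
    "kty": "EC", "crv": "P-256",
    "x": "constructed-x", "y": "constructed-y",
    "kid": "acct-1", "use": "sig",      # optional members, ignored below
}
# Constructed token in the shape the ACME server sends in the challenge.
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

# RFC 7638 section 3.2: the required members per key type, nothing else.
REQUIRED_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def b64url(data):
    """Base64url without padding, as ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_canonical(jwk):
    """Required members only, lexicographic order, no whitespace."""
    members = REQUIRED_MEMBERS[jwk["kty"]]
    return json.dumps({k: jwk[k] for k in members}, sort_keys=True, separators=(",", ":"))


def jwk_thumbprint(jwk):
    """RFC 7638: base64url(SHA-256(canonical JWK))."""
    return b64url(hashlib.sha256(jwk_canonical(jwk).encode("utf-8")).digest())


def key_authorization(token, jwk):
    """RFC 8555 8.1: token || '.' || base64url(thumbprint(accountKey))."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_record_name(domain):
    """Where the TXT record goes. For a wildcard the leading '*.' is
    dropped, so *.home.example.com is proven via _acme-challenge.home.example.com."""
    base = domain.strip().lower().rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    return f"_acme-challenge.{base}."


def dns01_txt_value(token, jwk):
    """RFC 8555 8.4: base64url(SHA-256(keyAuthorization))."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def txt_value_matches(published, token, jwk):
    """What the CA checks after querying public DNS. Constant-time compare
    so the check leaks nothing about how many leading characters matched."""
    return hmac.compare_digest(published, dns01_txt_value(token, jwk))


if __name__ == "__main__":
    # Assumed hostname; the thread's real names are replaced by example.com.
    name = dns01_record_name("jellyfin.home.example.com")
    value = dns01_txt_value(SAMPLE_TOKEN, SAMPLE_ACCOUNT_JWK)
    print(f'{name} 60 IN TXT "{value}"')   # publish, let the CA verify, then delete
```

The printed line is the record a client such as NPM's Certbot plugin creates through the DNS provider's API, and deletes again once validation is done. Nothing in the value reveals the private IP the hostname resolves to internally; an observer learns only that a certificate was requested for that name, which is the same information the public certificate-transparency logs already carry.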