I love my homelab, and the more I tune things the more satisfaction I have. I tolerated the “Your connection is not private” for my self-signed SSL certs on my services for way too long.

I just setup NGINX Proxy Manager as a LXC on my Proxmox Server and pointed a subdomain I own to the server. Now I have custom domains for each service along with valid SSL Certificates. It’s all local without exposing anything to the outside world. It’s very satisfying. I tried explaining what I was doing to my GF but she could care less ¯\_(ツ)_/¯

Followed this video from Wolfgang’s Channel YouTube (great channel btw), the first minute does a better job explaining the setup. I always thought I would have to setup a local CA which is more work than I was interested in, but this approach was much simpler (and free!).

  • EODdoUbleU@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Prepare HTTP (plain HTTP, no TLS) server to serve your intermediate/signing certificates (for AIA protocol) and CRL (for validation)

    Or create a repository on Github, point ca.yourdomain.com to Github Pages and publish there. Doing this solves the PKI chicken-and-egg problem for a homelab and doesn’t tie up any resources to serve them.