I’m going round in circles on this one.
What I want to do is:
- serve up my self-hosted apps with https (to local clients only - nothing over the open web)
- address them as ‘app.server.lan’ or ‘sever.lan/app’
- preferably host whatever is needed in docker
I think this is achievable with a reverse proxy, some kind of DNS server and self-signed certs. I’m not a complete noob but my knowledge in this area is lacking. I’ve done a fair bit of research but I’m probably not using the right terminology or whatever.
Would anyone have a link to a good guide that covers this?
I have this setup. I bought a domain (say homeserver.tld) from a registrar that allows zone edits with an API. Then I use certbot with a plugin that supports my registrar to get real Let’s Encrypt certificates. Usually Let’s encrypt connects to your server to ensure that it responds to the domain you’re requesting a certificate for, but this challenge can also be done by editing the DNS record of your domain to prove ownership. That is called DNS-01 challenge and is useful of your domain is not publicly reachable. Google for certbot DNS-01 your registrar to find some documentation.
Some of the VMs/LXC now get certificates for a specific subdomain (“some-app.homeserver.tld”), other just get a wildcard certificate (“*.homeserver.tld”) - e.g. my docker host.
I do the same. I have a real domain and certbot does a dns challenge. It was a little fiddly and took a moment to figure out, i think that was because i couldn’t gat caddy to work, but traefik worked a charm. Self signing is more complex i think because you’ll need to accept the root in every client (browsers especially?), which is even more fiddly.