Hey all,

Hope this is the right place to be asking (Reddit refugee), but do any of you setup certs for inward facing services? For example, I run “Whoogle” on my proxmox server, which I then access from several other devices when performing searches.

The connection between my machines and that proxmox VM are not encrypted, however only my VLAN (for personal devices) is able to access it.

Is it good practice to create a certificate for those types of servers that can only be accessed within your own network, or overkill?

  • @[email protected]OP
    link
    fedilink
    11 year ago

    Gotcha. NGINX is just for serving externally usually, right? I’ve heard about it, but never used it. Have you heard of certbot before? I may look into it, for practice if nothing else.

    • Krafting
      link
      11 year ago

      No, it can be used internally too, it’s a reverse proxy, I didn’t know anything about this until I tried it! it also allow you to your website without ports behing (for exemple video.lab.home instead of video.lab.home:8096 for jellyfin)

      Also, certbots, if i’m not mistaken, is only used for public facing domains, for domains like .local and .home and anything that you use to resolve domains internally will not work.

      Except maybe if you use a real domain to point to your internal local IP, which I find too weird but it works ahah

      • @[email protected]OP
        link
        fedilink
        11 year ago

        Oooo, I’m going to have to check out NGINX then! I was thinking of adding a custom DNS entry in PiHole so that I could talk to Jellyfin directly with a URL, but I would still need the ports since DNS doesn’t care about/ handle port information. Thank you!

        • Krafting
          link
          2
          edit-2
          1 year ago

          Yes, you’ll learn a lot, like I did few months ago! Have fun :)

          Edit: The software is “NGINX Proxy Manager”, to have an All in one solution. if you just use NGINX it might be more complicated!