So, I have a few services (Jellyfin, Home Assistant, etc) that I am running, and have been acessing via their IP’s and port numbers.

Recently, I started using NGINX so that I could setup entries in my Pi Hole, and access my services via some made up hostname (jellyfin.home, homeassistant.home, etc).

This is working great, but I also own a few domains, and thought of adding an SSL cert to them as well, which I have seen several tutorials on and it seems straight forward.

My questions:

  • Will there be any issues running SSL certs if all of my internal service are inward facing, with no WAN access? My understanding is that when I try to go to jellyfin.mydomainname.com, it will do the DNS lookup, which will point to a local address for NGINX on my network, which the requesting device will then point to and get the IP of the actual server.

  • Are there risks of anything being exposed externally if I use an actual CA for my cert? My main goal is to keep my home setup off of the internet.

  • Black Xanthus
    link
    English
    32 years ago

    Have you looked at something like :

    https://letsencrypt.org/

    It offers a free CA for self-hosted stuff. It does TLS certs, and others. It’s very useful for avoiding the high fees

    • @rootOP
      link
      English
      32 years ago

      I have heard of this, but I think if you self-host a CA, you have to add the cert to every device that wants access to the service right? For example, I’d have to add it to my TV if my TV connects to Jellyfin, to my laptop if my laptop needs access to Home Assistant, etc. I’m not sure my family would like that XD

      • Katrina
        link
        fedilink
        English
        22 years ago

        Lets encrypt certificates are trusted by everything I’ve tried.