Following a recent post on how I use Tailscale and NextDNS to manage my home network
Tailscale Part 3 - How I run my Home NetworkI’ve written quite a bit about Tailscale and its features. In this post, I’ll be covering how I’ve utilised the technology in
As a side note, how do people handle HTTPS with private networks (VPN or local) these days? I typically just stick to HTTP, but it would be nice to get rid of the warnings/lock (and I use HTTPS-only mode and firefox seems to require a fresh exception for every port).
Doing what the OP (same result, just different software) or I posted and assigning certificates to secure your local services means you can avoid the HTTPS warning that major browsers will pop up on an unsecure (HTTP) connection. Instead of going to an internal dns name without a certificate or direct to the ip…you assign a wildcard certificate to a domain name you’ve setup on your local dns. You then access that service via the HTTPS protected Domain name, with no warning.
As a side note, how do people handle HTTPS with private networks (VPN or local) these days? I typically just stick to HTTP, but it would be nice to get rid of the warnings/lock (and I use HTTPS-only mode and firefox seems to require a fresh exception for every port).
DNS challenge, that way you don’t have to have anything open to the outside. It needs to be using a domain you own and have registered, though.
Here’s a tutorial with (seemingly) all the DNS providers: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
Nice. I was using an older ddns that didn’t support acme, but switched to a different that supports it so I’ll look into it.
I have a public DNS entry pointing to the local IP. And use DNS based verification to get the letsencrypt certificate.
Self signed certificates and import CA onto all of my devices.
Or, public DNS with cloudflare that points to local IP, but you can’t do this with a .local domain
Doing what the OP (same result, just different software) or I posted and assigning certificates to secure your local services means you can avoid the HTTPS warning that major browsers will pop up on an unsecure (HTTP) connection. Instead of going to an internal dns name without a certificate or direct to the ip…you assign a wildcard certificate to a domain name you’ve setup on your local dns. You then access that service via the HTTPS protected Domain name, with no warning.