Updating posts - cleaning things up
This commit is contained in:
51
https-at-home.org
Normal file
51
https-at-home.org
Normal file
@@ -0,0 +1,51 @@
|
||||
:PROPERTIES:
|
||||
#+SETUPFILE: setup.org
|
||||
#+keywords: homelab
|
||||
#+subtitle:
|
||||
:END:
|
||||
|
||||
** HTTPS @ Home
|
||||
I run a lot of services at home.
|
||||
|
||||
This includes, but isn't limited to
|
||||
|
||||
- [[https://archivebox.io/][ArchiveBox]]
|
||||
- [[https://github.com/dani-garcia/vaultwarden][VaultWarden]]
|
||||
- [[https://github.com/navidrome/navidrome][Navidrome]]
|
||||
- [[https://plex.tv][Plex]]
|
||||
- [[https://github.com/LibrePhotos/librephotos][LibrePhotos]]
|
||||
- This blog
|
||||
|
||||
and a lot more.
|
||||
|
||||
Pretty much anything that's served up over HTTP is always nice if not
|
||||
necessary to have behind TLS.
|
||||
|
||||
[[https://letsencrypt.org/][LetsEncrypt]] long ago brought free certs to
|
||||
the masses and there are a lot of tools for automating that nowadays.
|
||||
|
||||
My preferred approach for getting all the unnecessary nonsense I
|
||||
self-host at home behind TLS is [[https://caddyserver.com][Caddy]].
|
||||
|
||||
I have a super straight forward setup, generally:
|
||||
|
||||
- Run Caddy in a docker container
|
||||
- Create a wildcard CNAME record in my DNS pointing at my home's
|
||||
(effectively) static IP
|
||||
- Add an entry in my Caddyfile for each services I'm running at home on
|
||||
its own subdomain
|
||||
- If it's a service then I add it with a =reverse_proxy= block
|
||||
- If it's a static site (like this) then there's a block for
|
||||
- If it's something I want only accessible on my home network then I put
|
||||
a block like
|
||||
|
||||
#+BEGIN_EXAMPLE
|
||||
@local_network {
|
||||
path *
|
||||
remote_ip
|
||||
}
|
||||
#+END_EXAMPLE
|
||||
|
||||
in the directive. And voila.
|
||||
|
||||
Then tell Caddy to reload the config and I'm done.
|
||||
Reference in New Issue
Block a user