+++
title = "HTTPS @ Home"
date = "2022-11-08"
+++

I run a lot of services at home. This includes, but isn't limited to:

- [ArchiveBox](https://archivebox.io/)
- [VaultWarden](https://github.com/dani-garcia/vaultwarden)
- [Navidrome](https://github.com/navidrome/navidrome)
- [Plex](https://plex.tv)
- [LibrePhotos](https://github.com/LibrePhotos/librephotos)
- This blog

and a lot more.

Pretty much anything that's served up over HTTP is always nice, if not necessary, to have behind TLS. [Let's Encrypt](https://letsencrypt.org/) long ago brought free certs to the masses, and there are a lot of tools for automating that nowadays.

My preferred approach for getting all the unnecessary nonsense I self-host at home behind TLS is [Caddy](https://caddyserver.com).

I have a super straightforward setup, generally:

- Run Caddy in a Docker container
- Create a wildcard CNAME record in my DNS pointing at my home's (effectively) static IP
- Add an entry in my Caddyfile for each service I'm running at home on its own subdomain
  - If it's a service then I add it with a `reverse_proxy` block
  - If it's a static site (like this) then there's a block for
  - If it's something I want only accessible on my home network then I put a block like

    ```txt
    @local_network {
        path *
        remote_ip
    }
    ```

    in the directive.

And voila. Then tell Caddy to reload the config and I'm done.
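
A Caddyfile along the lines described above, as an added example that is not the author's own configuration: the hostnames, upstream container names and ports, the site root and the LAN range are all assumptions. The home-network-only site explicitly rejects every request the matcher does not cover instead of leaving it unhandled.

```caddyfile
# Added example. Every hostname, upstream, path and address range below
# is a placeholder, not a value from the original post.

# Service reachable from anywhere: plain reverse proxy to the container.
music.example.com {
	reverse_proxy navidrome:4533
}

# Static site served from a directory mounted into the Caddy container.
blog.example.com {
	root * /srv/blog
	file_server
}

# Service that should only answer clients on the home network.
vault.example.com {
	# Assumed home subnet; replace with the range your LAN actually uses.
	@local_network remote_ip 192.168.1.0/24

	# Only requests from the LAN are proxied to the upstream.
	handle @local_network {
		reverse_proxy vaultwarden:80
	}

	# Everything else is refused before it can reach the upstream.
	handle {
		respond "Forbidden" 403
	}
}
```

`remote_ip` compares the address of the peer as Caddy sees the connection, so it is worth confirming from inside and outside the network that the container sees real client addresses rather than a Docker gateway address.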