:PROPERTIES:
#+SETUPFILE: setup.org
#+keywords: homelab
#+subtitle:
:END:
** HTTPS @ Home
I run a lot of services at home. This includes, but isn't limited to

- [[https://archivebox.io/][ArchiveBox]]
- [[https://github.com/dani-garcia/vaultwarden][VaultWarden]]
- [[https://github.com/navidrome/navidrome][Navidrome]]
- [[https://plex.tv][Plex]]
- [[https://github.com/LibrePhotos/librephotos][LibrePhotos]]
- This blog

and a lot more.

For pretty much anything that's served up over HTTP, it's nice, if not necessary, to have it behind TLS. [[https://letsencrypt.org/][Let's Encrypt]] long ago brought free certs to the masses and there are a lot of tools for automating that nowadays.

My preferred approach for getting all the unnecessary nonsense I self-host at home behind TLS is [[https://caddyserver.com][Caddy]].

I have a super straightforward setup, generally:

- Run Caddy in a Docker container
- Create a wildcard CNAME record in my DNS pointing at my home's (effectively) static IP
- Add an entry in my Caddyfile for each service I'm running at home on its own subdomain
  - If it's a service then I add it with a =reverse_proxy= block
  - If it's a static site (like this) then there's a block for
  - If it's something I want only accessible on my home network then I put a block like
    #+BEGIN_EXAMPLE
    @local_network {
      path *
      remote_ip
    }
    #+END_EXAMPLE
    in the directive.

And voila. Then tell Caddy to reload the config and I'm done.
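
The three kinds of entry described above, sketched as one Caddyfile. This is an added example, not the author's actual config: the hostnames, upstream addresses and site root are placeholders, the =file_server= block for the static site is an assumption, and =private_ranges= is Caddy's built-in shortcut for the private address ranges.

```caddyfile
# Constructed example: every hostname, upstream and path below is a placeholder.

# Public service: requests are proxied to a container on the same Docker network.
music.example.com {
	reverse_proxy navidrome:4533
}

# Static site served straight from disk (assumed layout).
blog.example.com {
	root * /srv/blog
	file_server
}

# Home-network-only service. Caddy still obtains a certificate for the name,
# but only peers with a private source address reach the upstream.
vault.example.com {
	@local_network {
		remote_ip private_ranges
	}

	# Matched requests go to the service.
	handle @local_network {
		reverse_proxy vaultwarden:80
	}

	# Everything else: close the connection without sending a response.
	handle {
		abort
	}
}
```

=remote_ip= matches the address of the immediate TCP peer, so check the access log to confirm that outside clients show up with their real address. If Docker networking or another proxy in front of Caddy rewrites the source to a private address, every request will match =@local_network=.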