+++
title = "HTTPS @ Home"
date = 2022-11-08
tags = ["homelab"]
draft = false
[menu]
[menu.main]
weight = 2001
identifier = "https-home"
+++

I run a lot of services at home.

This includes, but isn't limited to

- [ArchiveBox](https://archivebox.io/)
- [VaultWarden](https://github.com/dani-garcia/vaultwarden)
- [Navidrome](https://github.com/navidrome/navidrome)
- [Plex](https://plex.tv)
- [LibrePhotos](https://github.com/LibrePhotos/librephotos)
- This blog

and a lot more.

Pretty much anything that's served up over HTTP is nice, if not
necessary, to have behind TLS.

[Let's Encrypt](https://letsencrypt.org/) long ago brought free certs to
the masses, and there are a lot of tools for automating that nowadays.

My preferred approach for getting all the unnecessary nonsense I
self-host at home behind TLS is [Caddy](https://caddyserver.com).

I have a super straightforward setup, generally:

- Run Caddy in a Docker container
- Create a wildcard CNAME record in my DNS pointing at my home's
  (effectively) static IP
- Add an entry in my Caddyfile for each service I'm running at home on
  its own subdomain
- If it's a service then I add it with a `reverse_proxy` block
- If it's a static site (like this) then there's a block for
- If it's something I want only accessible on my home network then I put
  a block like

<!--listend-->

```text
@local_network {
    path *
    remote_ip
}
```

in the directive. And voila.

Then tell Caddy to reload the config and I'm done.
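
A sketch of how the reverse-proxied and home-network-only entries can fit together in one Caddyfile, added here as an example and not the author's actual config. The hostnames, upstream addresses and the RFC 1918 ranges given to `remote_ip` are assumptions.

```caddyfile
# Constructed example: hostnames and upstream addresses are placeholders.

# Service reachable from anywhere. Caddy obtains and renews the
# certificate for this hostname automatically.
music.example.com {
    reverse_proxy 192.168.1.10:4533
}

# Service that should only answer clients on the home network.
vault.example.com {
    # Named matcher: true when the connecting address is in one of the
    # listed ranges (RFC 1918 private ranges, assumed here).
    @local_network {
        remote_ip 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12
    }

    # Only matching requests are proxied to the backend.
    handle @local_network {
        reverse_proxy 192.168.1.10:8080
    }

    # Everything else is refused instead of falling through to the
    # backend or to an empty 200 response.
    handle {
        respond 403
    }
}
```

`remote_ip` matches the address of the immediate TCP peer, so check Caddy's access log to confirm that outside requests show their real source address; if Docker networking or NAT loopback on the router rewrites sources to a private address, the matcher lets them through.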

+++
title = "My multiroom audio setup"
date = "2022-11-08"
+++

I've put my home audio solution together out of the following
components.

- [Snapcast](https://github.com/badaix/snapcast)

- [MPD](https://www.musicpd.org/)

- [Librespot](https://github.com/librespot-org/librespot)

- [Shairport-sync](https://github.com/mikebrady/shairport-sync)

- A mini-PC in my closet running the above software

- Two Raspberry Pi 4s

- Four Raspberry Pi Zero Ws

- Some desktop speakers and some Bluetooth speakers (wired to the Pis)

Each of the Raspberry Pis is in a room or on a porch, attached to a
speaker.

Snapcast lets me take an audio source and synchronize it across multiple
clients. Each of the Raspberry Pis runs a `snapclient` instance and
plays whatever the `snapserver` instance tells it to.

Snapcast is set up to send whichever of the streams (MPD, Spotify,
Shairport-sync/AirPlay) is playing audio to each of the clients that are
connected to it.

This lets me or anyone else on my WiFi network play directly on one or
more of the speakers (each named for the room it's in) using either
Spotify, AirPlay, picking from my own music collection, or pointing at
a URL (like a podcast episode).

This works out great and we've used it at home for the past year.

I'd like to get the podcast experience to a more seamless place, but
it's pretty OK right now using AirMusic on my phone to play audio to the
speakers over AirPlay.