#+HUGO_BASE_DIR: .
* Homelab
** HTTPS @ Home
:PROPERTIES:
:EXPORT_FILE_NAME: https-at-home
:EXPORT_DATE: 2022-11-08
:EXPORT_HUGO_MENU: :menu "main"
:END:

I run a lot of services at home.

This includes, but isn't limited to

- [[https://archivebox.io/][ArchiveBox]]
- [[https://github.com/dani-garcia/vaultwarden][VaultWarden]]
- [[https://github.com/navidrome/navidrome][Navidrome]]
- [[https://plex.tv][Plex]]
- [[https://github.com/LibrePhotos/librephotos][LibrePhotos]]
- This blog

and a lot more.

Pretty much anything that's served up over HTTP is nice, if not
necessary, to have behind TLS.

[[https://letsencrypt.org/][Let's Encrypt]] long ago brought free certs to
the masses and there are a lot of tools for automating that nowadays.

My preferred approach for getting all the unnecessary nonsense I
self-host at home behind TLS is [[https://caddyserver.com][Caddy]].

I have a super straightforward setup, generally:

- Run Caddy in a Docker container
- Create a wildcard CNAME record in my DNS pointing at my home's
  (effectively) static IP
- Add an entry in my Caddyfile for each service I'm running at home on
  its own subdomain
  - If it's a service then I add it with a =reverse_proxy= block
  - If it's a static site (like this) then there's a block for
  - If it's something I want only accessible on my home network then I put
    a block like

#+BEGIN_EXAMPLE
@local_network {
    path *
    remote_ip
}
#+END_EXAMPLE

in the directive. And voila.

Then tell Caddy to reload the config and I'm done.
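
A minimal Caddyfile covering the three cases above, added here as an example and not the author's own configuration. The hostnames, upstream addresses and file path are placeholders, and =remote_ip private_ranges= is an assumed value, since the matcher shown on this page lists no ranges.

```caddyfile
# Added example. All hostnames, upstreams and paths are placeholders.

# Case 1: a service on its own subdomain, proxied to its container.
vault.example.com {
	reverse_proxy vaultwarden:80
}

# Case 2: a static site served from disk.
blog.example.com {
	root * /srv/blog
	file_server
}

# Case 3: a service that should only answer on the home network.
# The wildcard DNS record makes this name resolvable from anywhere,
# so the matcher is the only thing restricting access.
photos.example.com {
	@local_network {
		path *
		# Assumption: Caddy's built-in shortcut for RFC 1918,
		# loopback and IPv6 ULA ranges. Replace with your own
		# CIDRs to narrow it to a single LAN.
		remote_ip private_ranges
	}

	# Matching clients reach the service.
	handle @local_network {
		reverse_proxy librephotos:3000
	}

	# Everyone else gets an explicit refusal instead of falling
	# through to an empty response.
	handle {
		respond 403
	}
}
```

=remote_ip= matches the peer address Caddy itself sees, so with Caddy in a container confirm that client source addresses are preserved: if the container network rewrites them to the bridge gateway, every request looks local. A request to the restricted hostname from outside the home network should return 403.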