Quick and Easy Local SSL Certificates for Your Homelab!

Поделиться
HTML-код
  • Опубликовано: 27 сен 2024

Комментарии • 933

  • @WolfgangsChannel
    @WolfgangsChannel  Год назад +114

    Text version of the video with all the commands: notthebe.ee/blog/easy-ssl-in-homelab-dns01/
    To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/Wolfgang/
    The first 200 of you will get 20% off Brilliant’s annual premium subscription

    • @SirWinnieThePooh
      @SirWinnieThePooh Год назад +2

      Not related but I love your content man, keep it up

    • @ripaire
      @ripaire Год назад +1

      hi can you please make a video about pterodactyl and it should be running the pannel and the wings in same docker-compose file if you do that i will be very gratefull and thanks for this amazing video

    • @oussamakarem5744
      @oussamakarem5744 Год назад +1

      Thanks for the share, but how about the npm network driver ?
      i can see no details about it
      thanks in advance (btw the npm never work for me)

    • @streambarhoum4464
      @streambarhoum4464 Год назад +6

      Hey Wolfgang!! 😊 what about accessing our home lab securely from the outside world without using third party CDN like cloudflare? Please provide us with a solution in a next video?😊🙏🎉

    • @ferasawwad71
      @ferasawwad71 Год назад

      Greetings to you. Do you have an explanation on how to replace the ip address of the carrier that is shown to the world to: domain HTTPS global. With its connection to a number: a computer.

  • @moritz22
    @moritz22 Год назад +213

    Very nice video, this setup is more convenient than my own dns server.
    For anyone using a fritzbox router: You have to add your full domain as an exception to the "DNS rebind protection", because the fritzbox does not allow DNS resolution of domain names that point to private ips to protect against DNS rebinding attacks

    • @saninnsalas
      @saninnsalas Год назад +4

      This is an excellent tip! Thanks!

    • @ivangogov7312
      @ivangogov7312 Год назад +1

      Thank you! Now it is working as expected.

    • @Izuna-
      @Izuna- Год назад +2

      I was looking for this comment. Thanks alot! :)

    • @RamiKattan
      @RamiKattan 10 месяцев назад +2

      Fixed my issue after pulling my hair for an hour

    • @LKD70
      @LKD70 9 месяцев назад

      Hero, thank you for this comment.

  • @americanbagel
    @americanbagel Год назад +87

    This video could not have come at a better time! I've just started putting together my own home server and I've been driving myself insane with self-signed certificates. Thanks!

  • @clabretro
    @clabretro Год назад +29

    This is the simplest way to tackle certs I've seen, definitely trying this! I've been putting it off in my homelab for ages.

  • @Andoresu96
    @Andoresu96 Год назад +348

    wait y'all are using an application to manage your nginx reverse proxy? I was editing config files like a madman here 😭

    • @sugoruyo
      @sugoruyo Год назад +29

      This is the way.

    • @rabahfdoul4844
      @rabahfdoul4844 Год назад +7

      @@sugoruyothis is the way.

    • @th3fallen
      @th3fallen Год назад +9

      Nginxproxmanager is really nice if you just want a gui and ssl rotation

    • @codewithlarsy
      @codewithlarsy Год назад +1

      😮

    • @AzarelHoward
      @AzarelHoward Год назад +3

      Me too... This is the way.

  • @jdfmovil
    @jdfmovil Год назад +86

    Add portainer to this and you have an easy way to manage all your containers. :)

    • @electricz3045
      @electricz3045 Год назад +3

      Easy it might be defently not efficient. Running shell commands is just faster then navigating around in an GUI to do the same thing.

    • @fabiandrinksmilk6205
      @fabiandrinksmilk6205 Год назад +33

      ​@@electricz3045 This is where we come to the whole CLI vs GUI discussion again. The right answer is of course your personal preference!

    • @varunaeeriyaulla
      @varunaeeriyaulla Год назад +6

      @@fabiandrinksmilk6205 I agree with you. I have multiple docker servers, including HA. It's much easier to manage with Portainer and portainer agents.

    • @4crafters597
      @4crafters597 Год назад +1

      Yacht for a smaller yet lighter system that still works for basic setups!

  • @RaidOwl
    @RaidOwl Год назад +30

    NPM is freakin awesome. It's crazy how easy it is to get setup and going with it and boom...you've got proper SSL and routing.

    • @falxie_
      @falxie_ Год назад +28

      As (unfortunately) a JavaScript developer I was very confused by this statement for a moment

    • @pieteryts
      @pieteryts Год назад +1

      not quite for me... since I'm not a linux users 😂
      mostly I used DNS domain record check for let's encrypt.

    • @RaidOwl
      @RaidOwl Год назад +2

      @@falxie_ haha yeah I have to think twice when seeing "NPM" now

    • @pavelperina7629
      @pavelperina7629 Год назад +1

      @@falxie_ nginx proxy manager. Yes, I barely touched JS and I had to ask chatgpt (which is suprisingly good for setting up simple stuff and writing simple shell script

    • @asandax6
      @asandax6 Год назад +4

      NPM is very confusing when you're not referring to Node Package Manager.

  • @brunosolothurnmann9205
    @brunosolothurnmann9205 Год назад +11

    Thank you - as I use Pi-hole, I had to add entries to the pi-hole local dns with the (sub-)domain names pointing to the proxy-manager. After that it run as you explained it.

    • @gibberingidiot
      @gibberingidiot 9 месяцев назад +1

      Thank you - just saved me a lot of head scratching...

    • @richardrussell5165
      @richardrussell5165 7 месяцев назад +1

      you saved me soo much stress

  • @Luniii737
    @Luniii737 Год назад +9

    Wow, thank you for this video! I didn't know (or think of) that you could point a domain name to a private IP address. That makes creating SSL certificates super easy like this! Love you

  • @MrMoogle
    @MrMoogle 5 месяцев назад +1

    My man! You are my hero. I've watched so many videos trying to figure out how to do this exact thing and you explained it all so perfectly. And the written guide to accompany it was an added bonus and very much appreciated. Thank you, sir!

  • @solidus1983
    @solidus1983 Год назад +3

    Thank You, I had been using an SSL per domain, didn't know you could create just one SSL cert. Now i do an have it set up thanks.

  • @BallerBubi
    @BallerBubi Год назад +5

    This solution is simply brilliant. I was searching for years for such an amazing and simple solution. Thank you.

  • @ChazBword
    @ChazBword Год назад +17

    Yet another great video Wolfgang. Outstanding work. I've been wanting to do this for a while for my homelab and this video is the push I needed. Thank you.

  • @dj_odradeck
    @dj_odradeck Год назад +2

    I use exactly this setup for over a year and it just works flawlessly. Even auro-renewing the let's encrypt cert works without any issues.

  • @mr.mentat.0x
    @mr.mentat.0x Год назад +8

    Dude... this intro speaks directly to my soul. Completely spot-on how it feels. The Blade Runner segment is perfect.
    Going to do this on my home lab, that's turned into something I'd see in the field, at work.
    Too funny man 😂😂
    *joined* 😂😂❤

  • @malteneuss8058
    @malteneuss8058 4 месяца назад +1

    This is such a great feature for self-hosting. Thanks for sharing. It's worth noting that some routers like Fritzboxes have a "DNS rebind protection" where you must add an exception. Otherwise you will bang your head against the wall why it doesn't work, like i did.

  • @brokenicelight
    @brokenicelight Год назад +15

    Your Video is like a rescue ring. I had trouble understanding this concept with the traefik guides from Techno Tim but now that you've implementet a sceamtic drawing it helped alot. Thanks! Again a Video to exact right time :D My instructor wanted me to get the basic of dns and teach myself but i was only stuck at this internal external stuff so you safed me :D

    • @AinzOoalG0wn
      @AinzOoalG0wn 10 месяцев назад

      did you get this to work for traefik? i need help for that x-x;

    • @brokenicelight
      @brokenicelight 10 месяцев назад +1

      @@AinzOoalG0wn Sadly not now since i haven't had much time yet. But i want to get it working with traefik. Maybe we could stay connected?

    • @AinzOoalG0wn
      @AinzOoalG0wn 10 месяцев назад

      @@brokenicelight i came up with a solution. i shutdown traefik and started up nginx proxy manager instead 🤣
      i got it to work kinda. even authentik works with it.
      just, it only works when my vpn is active. when its turned off, it no longer works 🥲

    • @AinzOoalG0wn
      @AinzOoalG0wn 10 месяцев назад

      @@brokenicelight well if u find out a solution plz do share. i had to go back to traefik cause there were some issues in npm i could not resolve 🥲

  • @noor_codes
    @noor_codes 28 дней назад

    Wow, Thank you soooooooo much, You have no idea how much headache I went through just to land here and it worked.

  • @adryanobrum
    @adryanobrum Год назад +9

    Another great video. Clean and simple. Please, you need to teach us how to configure a home assistant dashboard like yours! 🤟

  • @simonsays7212
    @simonsays7212 2 месяца назад +1

    I'm so excited that I hit the like and subscribed at 1:37. Now continuing with the video! SSL freedom.

  • @seanys
    @seanys Год назад +8

    Good to see a well done tutorial on the exact thing I’ve been trying to achieve for ages!

  • @revilo2208
    @revilo2208 10 месяцев назад +1

    Tausend Dank Wolfgang. This is exactly what I was looking for. I was this close to setting up my own CA and getting a headache trying to add the root certs to all the devices.

  • @nullnill
    @nullnill 6 месяцев назад +5

    pro tip: mine even with 120 didnt work, but 240 did!

  • @DrathVader
    @DrathVader 5 месяцев назад

    I finally got to set this up after watching the video months ago. I should have set up proxies long ago, much more convenient.
    One thing to mention is that this method works well with tailscale as well. I just put my server's tailscale IP instead of local network IP and it works perfectly. Really useful for privately sharing linux isos with friends.

  • @HeyDrianTV
    @HeyDrianTV 7 месяцев назад +7

    I can't get this to work with my Cloudflare domain. Any pointers?

  • @JmonteroArg
    @JmonteroArg Год назад +2

    This video was right on time!
    I was exploring how could I deploy things locally without deal with IPs and cert issues.
    Very valuable info, thanks for sharing.

  • @rodrimora
    @rodrimora Год назад +8

    I’ve found that some services require some special headers and if not configured correctly they break, that’s the hardest part for me, as finding the nginx headers needed for each services can be difficult

    • @WolfgangsChannel
      @WolfgangsChannel  Год назад +18

      Take a look at SWAG's reverse proxy conf repository - they have examples for pretty much every popular web application: github.com/linuxserver/reverse-proxy-confs

  • @MartinKL
    @MartinKL 10 месяцев назад

    Lots of information in this video, thank you. The text-blog was very helpful to see the commands without copying them from the video.

  • @NinjaNips
    @NinjaNips Год назад +20

    I’ve literally been looking for a tutorial like this for soooooo long 😫😫😫 thank you ❤

  • @ryanmalone2681
    @ryanmalone2681 5 месяцев назад +15

    Doesn't work for Cloudflare. There is no way of mapping an IP address for a challenge and when you add your name servers after the domain it fails. I don't want to use Duck DNS though. Maybe a video on how to do this using Cloudflare would be cool.

    • @Skyluxe
      @Skyluxe 16 дней назад +2

      For me actually it does work with cloudflare. You have to deactivate the proxy (only DNS via cloudflare).

  • @Nahga
    @Nahga 5 месяцев назад

    This was just fantastic. I didn’t know I needed something like this in my life until I saw the video. Very well done thanks a lot.

  • @Knufle
    @Knufle 11 месяцев назад +8

    Btw, great video! Thanks for explaining everything in such a concise and easy to understand manner.
    Just a heads up, apparently this method doesn't fully work on Chrome if you have Safe Browsing Standard or Enhanced protection enabled, for me I get the "Deceptive site ahead" warning for some of my local apps, like Jellyfin for example, but I don't get the warning for other apps like Code Server, so idk, just wanted to let you know.
    On Firefox I don't get warnings no matter what though, so that works just fine.

  • @nightyeve
    @nightyeve Год назад +1

    Thankss !
    Love how clear and fast you explain everything

  • @NicolaSelenu
    @NicolaSelenu Год назад +3

    this is EXACTLY what I was looking for. You are a lifesaver! (I know I know.. first world problems)

  • @aravind3626
    @aravind3626 Год назад +1

    I've been waiting for this for years...Thank you!!!!!!!!

  • @ankkitraj2625
    @ankkitraj2625 4 месяца назад

    I have been following this channel for years and did not realized I am not subscribed.

  • @newaira333
    @newaira333 11 месяцев назад +3

    Makes sense, though the traffic between the proxy and the service that is being accessed is still unencrypted correct? This gives the appearance like local traffic is encrypted, but really local traffic passes unencrypted to the reverse proxy before it is encrypted. I think it would have made sense to take an extra step and create a self-signed certificate that would be installed on the service and validated by the reverse proxy to ensure end-to-end encryption. Unless I'm missing something?

    • @WolfgangsChannel
      @WolfgangsChannel  11 месяцев назад +1

      This is not for security, it's for convenience

  • @senthilrajanr1
    @senthilrajanr1 6 месяцев назад

    I can not thank enough for this video. I was struggling to figure this out and your video helped me. Thank you

  • @gabrielrechy
    @gabrielrechy Год назад +3

    Gracias por este valioso contenido, hace tiempo que no encontraba como asignarle certificados válidos a un servicio que estuviera fuera Docker, pero ahora ya me di la idea de como poder solucionarlo gracias a tu vídeo ✌️

  • @wukerplank
    @wukerplank Год назад +2

    Learned something new, I wasn't aware that Letsencrypt can do wildcard certificates by now 🙌

  • @trbk_watch666
    @trbk_watch666 Год назад +5

    One minor correction about setting proxy hosts. Setting the forward hostname as localhost for any containers other than the Nginx Proxy Manager container leads to a 502 Bad Gateway error, even if all containers are running on the same network. I resolved it by using the IP address instead of localhost.

    • @Cookie-ey1vr
      @Cookie-ey1vr 3 месяца назад

      where would you find the IP address in the docker container?

    • @mattmallow
      @mattmallow 5 дней назад

      @@Cookie-ey1vr For me I used the IP address of my server. Both localhost and 127.0.0.1 spits 502. Then when I changed it to the IP of server it worked.

  • @MrXana91
    @MrXana91 7 месяцев назад

    Omg this is EXACTLY what i've been looking for for months! Thank you so much!
    That's a sub

  • @Lucavon
    @Lucavon Год назад +3

    Nice video! I've been doing something similar: wildcard certificates and wildcard dns pointing at my home's public IP. Then I have an nginx reverse proxy + SSL terminator and configs for my services. If I want a service to be publicly reachable, all I do is add an nginx config and boom, done. If I want something to be available only locally, I simply add an override into my pihole dns server or just add an ip-based allow/deny block to the nginx config. Simple, and the wildcards add a bit of security by obscurity - no more bots finding services by reading the DNS or certificate data. I'm getting my certs using dns-01 with the lego acme client.

    • @mayurbn230
      @mayurbn230 Год назад

      But this setup he did in the video is only for local right? You will need a tunnel for public access!! That is if u have a static public ip!

    • @mayurbn230
      @mayurbn230 Год назад

      Is your IP public or CGNATted?

    • @mayurbn230
      @mayurbn230 Год назад

      This wont work for remote access if im cgnatted right?

    • @Lucavon
      @Lucavon Год назад

      @@mayurbn230 I don't have any tunnel or anything. I just forward the port in my router to my server. My IPv4 is a public, static IP shared with noone

    • @mayurbn230
      @mayurbn230 Год назад

      @@Lucavon Oh makes sense then, mine is cgnatted, so i have to use a tunnel

  • @rayzerx
    @rayzerx Год назад +1

    I didn't know I needed this video until it was recommended to me. Amazing video and great explanations. Thanks for the caption. Greetings from Brazil. ✌🏽

  • @ayoubthegreat
    @ayoubthegreat 8 месяцев назад

    Thank you for this! It seemed complicated but after following along I got everything working perfectly.

  • @AarshMajmudar
    @AarshMajmudar 2 месяца назад +3

    Does this have auto renewals of certs ?

  • @MegaChiliMac
    @MegaChiliMac 9 месяцев назад

    excellent. exactly what i was looking for. and thank you for having this info in blog post format too.

  • @mcdazz2011
    @mcdazz2011 Год назад +6

    Another option involves becoming your own certificate authority and creating your own self-signed certificates.
    Takes five minutes, requires no external services and is as simple as typing in a few commands and importing the certificate authority (this does have to be done on every device, but only needs to be done once per device).

    • @_tobii
      @_tobii Год назад +3

      This feels more like the "correct" solution for me

    • @WolfgangsChannel
      @WolfgangsChannel  Год назад +9

      Definitely a good alternative if you prefer that. However, the problem is "once per device" also means "once per OS/ROM reinstall". In my opinion, managing the configuration centrally via one device running a reverse proxy is just a bit more convenient than having to manage it separately on every device in your home network. Some of which make it a real PITA to add certificate exceptions (e.g. smart appliances like TVs, gaming consoles etc.)

    • @NicolaSelenu
      @NicolaSelenu Год назад +2

      SHOW ME THE WAY :D (EDIT: found a bunch of tutorials.. thanks for pointing me in the right direction!)

    • @KnutBluetooth
      @KnutBluetooth Год назад

      This is also more secure as public CAs are best assumed compromised. For even more security an air gapped computer and a tamper proof USB mass storage device (such as Nitrokey Storage) should be used.

    • @furmek
      @furmek Год назад +4

      It's not a once per device setup. Firefox uses its own store for trusted ca - at least on windows. And good luck convincing samsung tv that the cert that plex server is using is indeed trusted.
      Another thing is that while revproxy tools can automate this for you, you will either have to create certs with long expiry dates or frequently rotate them manually.
      I'm not a fan on NPM (buggy piece of software) but this video has a point: it's easy to start with and once you get the concept spinning up traefik instance and adding few tags in docker compose for your services is even easier

  • @z1g
    @z1g 6 месяцев назад

    This is an amazing video, thank you very much. SSL cert errors set me off. I followed this and it worked flawlessly. I think modified to use my Tailscale VPN IP addresses and now I can access my home lab services anywhere with a nice certificate, makes me happy. Time to touch grass, thanks again.

  • @SuperWolfkin
    @SuperWolfkin Год назад

    holy snap.. 20 seconds from 1:00 and my mind is blown. Of course that would work. It's so easy and it solves EVERYTHING.

  • @cerealthree
    @cerealthree Год назад +3

    en-jinx one minute, engine-x the next! this is calculated trolling to stir up as much grumbling on both sides as possible

    • @gorillaau
      @gorillaau Год назад

      Trolling both sides, maybe. Or a case of ruffling both sides, rather than antagonizing one side only. You can win regardless, especially with the spread of audience by Wolfgang.

  • @TheDmankl
    @TheDmankl Год назад

    Seriously thank you so much for this.... I have been trying to find something like this but no one had a solution for this !!!

  • @yerunski
    @yerunski Год назад +2

    I'm only 1 min. 20 secs in the video and already hit the like button. I'm sure this will be better then my self signed certificates :)

  • @mavchb
    @mavchb 10 месяцев назад +4

    Hi, thank you for that vdieo I built an Unraid server two years ago and I have been trying to fix that certificate issue since then. Unfortunately it does not work like described. After setting it up like you did with duckdns and nginx I can open the NGinx WEBUI like you butr any other proxy host gives me a 502 bad gateway error (tried vaultwarden and jellyfin) any idea what I could do wrong?

    • @chrgeorgeson
      @chrgeorgeson 5 месяцев назад

      Simialr issues on my end. Did you ever get this working?

    • @mavchb
      @mavchb 5 месяцев назад

      @@chrgeorgeson I did. I had a knot in my brain. I alwys wnated to point nginx to the https address of the service (e.g.: vaultwarden) but the whole point is that nginx is the https endpoint so you need to tell nginx to open the http (no S) URL. Then it works.

    • @TheQwenton
      @TheQwenton Месяц назад

      @@chrgeorgeson HA same thing for me , just commeneted. Guessing it has to do with the way unraid builds its docker network and uses the same IP... Not sure..

    • @TheQwenton
      @TheQwenton Месяц назад

      figure anything out?

    • @mavchb
      @mavchb Месяц назад

      @@TheQwenton yes, I made the mistake to add the URL with httpS to nginx. That of course will not work as the connection between nginx and the actual website is regular http.

  • @philliii
    @philliii Год назад

    This is what i have been searching for. Thanks for the super easy to follow video. Saved me lots of pain. Great work. Cheeeeeeeeers!

  • @aliaghil1
    @aliaghil1 Год назад +1

    Great video as always. Thank you for sharing it with us. I am using pfSense in my environment and having HAProxy, however I needed a second proxy manager, your video helped me a lot with setting up the second one. 👍

  • @grahammccann8554
    @grahammccann8554 Год назад

    Thank you Wolfgang for making this video. Very easy to follow.

  • @onkelwernerswerkstatt
    @onkelwernerswerkstatt 5 месяцев назад +2

    i followed exact every step in the video and on the written tutorial but nothing works... maybe the tutorial is outdated

    • @dubsb540
      @dubsb540 5 месяцев назад

      Same here

    • @vincentcervone6272
      @vincentcervone6272 4 месяца назад

      @WolfgangsChannel I'm running into this issue too. Did you have to install the cert on the host itself?

  • @scotthewitt6047
    @scotthewitt6047 Год назад

    I set up passbolt last night and have the problem you just solved in this video thank you

  • @thefallenangel9544
    @thefallenangel9544 Год назад

    omg I was waiting for a tutorial using precisly docker and DuckDNS together and you just upload this perfect tutorial ! You save my time

  • @GehtGut
    @GehtGut 8 месяцев назад

    Thank you very much for this genius tipp ... !!!! You are the best !!!! Installed and works directly.

  • @dannysung3397
    @dannysung3397 7 месяцев назад

    Pretty awesome and relatively easy to setup! One issue I noticed is that Safari password autofill treats everything under the proxy as the same site... meaning it will suggest passwords for services with different hostnames. This can get a bit unwieldy if you have a lot of services with their own username/passwords.

  • @MrEric377
    @MrEric377 7 месяцев назад

    Thank you so much for this video, 1 thing I don't think anyone ran into is I had to wait almost a day for my registrar to reflect the IP changes. 🤦Now that I found you I'm going to look through your other video's Thanks again.

  • @sbx1
    @sbx1 Год назад

    Danke Wolfgang, dank deiner Anleitung war die Einrichtung sehr einfach! :)

  • @DaMonkeyFamily
    @DaMonkeyFamily 9 месяцев назад

    Awesome video, the explanations are just perfect. Thanks a lot mate

  • @pesfreak18
    @pesfreak18 Год назад

    Thank you for the Tutorial. Very good. Just got through everything and it works great.

  • @somedude5353
    @somedude5353 8 месяцев назад +2

    This doesn't work for me. I didn't use duckdns, instead my own domain. I have the SSL certificate setup, I've likewise added in the * subdomain, and it doesn't route.

  • @nastynaza
    @nastynaza Год назад +2

    Thank you! I managed to get this working with AWS Route53. The only difference is that the wildcard record needs to also be an A record, not a CNAME.

    • @topkek5378
      @topkek5378 7 месяцев назад

      you're a lifesaver

  • @elsuenodeluigy
    @elsuenodeluigy 10 месяцев назад +1

    you should paste all commands for making easy

  • @jayceroman6047
    @jayceroman6047 Год назад +1

    You uploaded this video at a weirdly perfect time for me.

  • @deandre1988
    @deandre1988 9 месяцев назад

    This is pretty nifty. I guess the logical next step is to setup and use a VPN, so that these url's can resove for devices on VPN when outside of LAN.
    As well as setup Dashy / Homer for all the services.

  • @pousoupoux
    @pousoupoux Год назад +2

    you skipped the cloudflare api token, but with some extensive google search i found that you need to create your own API token with edit dns zones permissions set to all zones

  • @xellaz
    @xellaz 9 месяцев назад

    This worked great on putting https secure connection locally on my new Raspberry Pi 5 running CasaOS! I just had to do a few modification on the ports and IP addresses but everything worked correctly at the end! Thanks! 👍

  • @Mhm_Rhm
    @Mhm_Rhm 10 месяцев назад

    Great tutorial. To the point. I have been looking for this for a while. Thanks. 😘

  • @aers11
    @aers11 Месяц назад

    Great tutorial - worked like a charm!

  • @rogerwprice
    @rogerwprice Год назад

    Wow - this is fantastically useful - many thanks - will be exploring more on your channel

  • @kennethros6365
    @kennethros6365 2 месяца назад

    Big thanks to this video! Finally I got it working!

  • @samjiman
    @samjiman Год назад

    This is useful, thanks. Waiting for my AML-S905X-CC and then I'll set this up.

  • @prezmix
    @prezmix 10 месяцев назад

    Well... Exactly what I was looking for! Thank you

  • @yeastdonkey846
    @yeastdonkey846 10 месяцев назад

    Great video. Got me up and running when I first set up npm. I changed to custom certs from Cloudflare, which last for 15 years though.

    • @justintongol7581
      @justintongol7581 9 месяцев назад

      Hey man, I'm curious. How is yours setup?

    • @yeastdonkey846
      @yeastdonkey846 9 месяцев назад

      @@justintongol7581 in terms of the CloudFlare cert? I just setup all my dns records through cloudflare and set them to proxied. Then I generated a cloudflare origin cert and imported them into npm. I also set my encryption on cloudflare to strict mode.

  • @gere364
    @gere364 7 месяцев назад

    Works like a charm! I love this solution!!

  • @sumukhas5418
    @sumukhas5418 6 месяцев назад +2

    Please make a video on how to setup pihole as DNS server on docker...

  • @FireStriker_
    @FireStriker_ 7 месяцев назад

    are you telling me i have been messing with the config file all this time while this existed? well im glad i found this now lol

  • @mspencerl87
    @mspencerl87 11 месяцев назад +1

    I had to add a *wildcard domain in my Local router via unbound DNS. To be able to resolve the domain and subdomains locally still.
    But after that everything worked

  • @der.Schtefan
    @der.Schtefan 10 месяцев назад

    ATTENTION, small mkstame. If your service is on the local host of your Docker host, outside a Docker container, 127.0.0.1 will NOT reach that service, it will have the proxy container contact itself. You will have to either use the special ip or hostname for Docker local host addressing, or use the external network interface ip.

  • @MichaelJM
    @MichaelJM 4 месяца назад

    I've been going mad trying to get step-ca to work. Had no idea you could put a private IP in the public DNS record. Very simple solution.

  • @MatiMape
    @MatiMape 8 месяцев назад

    Epic tutorial. Worked like a charm in a Raspberry Pi 4.

  • @tentickterror8308
    @tentickterror8308 Год назад

    i like the way you tilt your head to the right

  • @conrat2000
    @conrat2000 Месяц назад

    Awesome video. Thank you so much!

  • @MaksOuw
    @MaksOuw Год назад

    I did not known Nginx Proxy Manager, I'll give it a try tonight to remove my Nginx and custom configurations (so I'll have to dockerize every app I use + maybe it's time to use Ansible to avoid making everything by hand haha).
    Thanks for the tutorial !

  • @yotu9670
    @yotu9670 Год назад

    sweet. never thought of this option. thanks

  • @MrTandrol
    @MrTandrol 5 месяцев назад

    Thank you so much! Worked like a charm :)

  • @redo1122
    @redo1122 Год назад +1

    i think it's nicer if you used docker or podman gui like podman desktop, which is even simpler

  • @Noir1234
    @Noir1234 6 месяцев назад +2

    Hey, very nice video, but i got an issue, i already use the nginx proxy manager in combination with a domain and cloudflare to expose some stuff to the outside world.
    is it also possible to use the same nginx pm and domain for the local ssl stuff?

  • @vikingursigurdsson4985
    @vikingursigurdsson4985 Год назад

    Thai is exactly what i was looking for. Thank you

  • @RamiKattan
    @RamiKattan 10 месяцев назад

    Greatest tip ever, worked on the second try

  • @makeitcloudy
    @makeitcloudy 8 месяцев назад

    another great tutorial, awesome stuff, thank you !

  • @NameyNames
    @NameyNames Год назад

    Very interesting idea, I really should try it out since I'm pretty sick of the constant nagging caused by self-signed certs in my home network. 😑👍

  • @pedrorosal560
    @pedrorosal560 2 месяца назад

    Thank you so much for this video man so helpful! Subbed.

  • @jdb6284
    @jdb6284 Год назад

    exactly the issue i was pulling my hair out of a few weeks ago. Had no idea something like this existed, thanks man!