this post was submitted on 08 Aug 2024
498 points (99.0% liked)

Selfhosted

40183 readers
1133 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 49 points 3 months ago (47 children)

Browsers barf at non https now. What are we supposed to do about certificates?

[–] [email protected] 4 points 3 months ago (3 children)

I found options like .local and now .internal way too long for my private stuff. So I managed to get a two-letter domain from some obscure TLD and with Cloudflare as DNS I can use Caddy to get Let's Encrypt certs for hosts that resolve to 10.0.0.0/8 IPs. Caddy has plugins for other DNS providers, if you don't want to go with Cloudflare.

[–] [email protected] 3 points 3 months ago (1 children)

Might be an idea to not use any public A records and just use it for cert issuance, and Stick with private resolvers for private use.

[–] [email protected] 3 points 3 months ago (1 children)

It's a domain with hosts that all resolve to private IP addresses. I don't care if someone manages to see hosts like vaultwarden, cloud, docs or photos through enumeration if they all resolve to 10.0.0.0/8 addresses. Setting up a private resolver and private PKI is just too much of a bother.

[–] [email protected] 1 points 3 months ago

My set up is similar to this but I'm using wildcards.

So all my containers are on 10.0.0.0/8, and public dns server resolves *.sub.domain.com to 10.0.0.2, which is a reverse proxy for the containers.

load more comments (1 replies)
load more comments (44 replies)