Selfhosted

49861 readers

1330 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.

Resources:

selfh.st Newsletter and index of selfhosted software and apps
awesome-selfhosted software
awesome-sysadmin resources
Self-Hosted Podcast from Jupiter Broadcasting

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago

MODERATORS

ruud@lemmy.world

CannaVet@lemmy.world

Loki@lemmy.world

HybridSarcasm@lemmy.world

devve@lemmy.world

HybridSarcasm@lemmy.hybridsarcasm.xyz

Securely Expose your Homelab Services with Mutual TLS - YouTube (www.youtube.com)

submitted 1 week ago by possiblylinux127@lemmy.zip to c/selfhosted@lemmy.world

23 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] daniskarma@lemmy.dbzer0.com 4 points 6 days ago* (last edited 6 days ago) (2 children)

I tried long ago, but as they said, client side authentication is an issue, most clients do not support it.

I have a system, I use wireguard vpn and for when I want to use a domain name with proper tls (because some client apps require a proper tls connection to work) I set my caddy reverse proxy to only accept request from ~~localhost~~ local network.

So, there's a public domain with let's encrypt TLS, and that domain can only be properly access from local network. Then I connect using vpn to my local network and the client app can access the service over a CA verified TLS.

[–] napkin2020@sh.itjust.works 2 points 6 days ago (1 children)

I set my caddy reverse proxy to only accept request from localhost.

It is a bit more involved but you can actually get a proper cert for localhost stuff, with your domain pointing to an internal ip addr and not risk exposing your public ip and having to open a port.

[–] daniskarma@lemmy.dbzer0.com 1 points 6 days ago (1 children)

Signed by a AC?

I had a lot of issues with some apps not allowing self-signed certificates and the app used their own list of allowed AC or something, I was unable to make it allow my own certificates even adding my own root certificate to Android.

[–] napkin2020@sh.itjust.works 2 points 6 days ago

No, signed by Let's Encrypt, a proper, real cert. https://gist.github.com/jkelin/fc04b081ed19910618770c6be998de0e

[–] zqps@sh.itjust.works 1 points 6 days ago (1 children)

From localhost? Did you mean from local network or am I misunderstanding your point here?

[–] daniskarma@lemmy.dbzer0.com 0 points 6 days ago

Yes, local network I meant.