I want my self hosted things to use https. For example, I have Jellyfin installed via docker, and I want it to use https instead of http.

I don’t care about necessarily doing this the “right” way, as I won’t be making Jellyfin or any other service public, and will only be using it on my local network.

What is the easiest way to do this? Assume everything I host is in docker. Also a link to a tutorial would be great.

Thanks!

  • cmnybo@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    6
    ·
    5 months ago

    I just add my CA to my devices and use self signed certificates for stuff on my LAN. I don’t want to go through all the trouble of using lets encrypt for something that’s not accessible from the internet.

    • catloaf@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      5 months ago

      This is the most permanent solution. You can generate valid and trusted certs for as long as you want. Let’s Encrypt is great, but you also have to configure the automation to keep renewing the certs every 30 days.

    • postnataldrip@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      5 months ago

      If you mean signed by your CA then this is me too, albeit with an intermediate CA in the middle (honestly pointless in my case, but old habits etc).

      I don’t host anything externally and trusting the CA certs internally is easy as Ionly need to do it on a handful of devices. This + reverse proxy keeps things tidy and uncomplicated.

    • azl@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 months ago

      I’ve been doing it this way for many years, before LetsEncrypt was around. Maybe some day I will switch so I can become dependent on another third party (though I do use LetsEncrypt for public-facing services).

      Yes, telling your computer to trust a certificate chain that you are responsible for securing may significantly increase your attack surface. It’s easy to forget about that root cert (I actually push mine via GPO).