acme.sh
Nginx Proxy Manager
Our great sponsors
acme.sh | Nginx Proxy Manager | |
---|---|---|
276 | 651 | |
36,268 | 19,499 | |
1.8% | 3.7% | |
8.8 | 8.8 | |
7 days ago | 3 days ago | |
Shell | JavaScript | |
GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
acme.sh
-
Why Certificate Lifecycle Automation Matters
Huh, the environment variable thing was specifically aimed at acme.sh which rather arbitrarily changed the config value from ACMEDNS_UPDATE_URL to ACMEDNS_BASE_URL, never acknowledged this in a changelog and then silently failed after an automatic upgrade as recommended by the default install:
https://github.com/acmesh-official/acme.sh/commit/2ce145f359...
It's also cleared out my .account.conf files when run on the suggested cron.
I've started using updown which also monitors my TLS certs simply because I no longer trust the process to work as documented.
-
The Bureau of Meteorology website does not support connections via HTTPS
It depends on your provider though. I can tell from experience that with OVH and their API, it's been easy to set up the automatic renewal via DNS verification. Apparently, the official client has support for the DNS API of 159 providers: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
-
I made a tool for automatically updating the current and next (rollover) TLSA DNS records with acme.sh and the Cloudflare API
For the few people here that happen to run a self-hosted email server with acme.sh for TLS key/cert generation and Cloudflare for DNS management, I have made a tool that i personally use to get a perfect 100% score on Internet.nl's email test.
-
IT Pro Tuesday #276 - Cert Automation, Packet Analysis, Vim Cheatsheet & More
acme.sh is a lightweight Unix shell script for automatic issuance and renewal of free certificates in a Unix environment. It's compatible with Bash, dash, and sh; Docker/IPv6 ready; requires no external dependencies; and can issue, renew, and install certificates without the need for root or sudoer access. Thanks for this recommendation go to blitznogger.
-
Cannot install with mack-a's v2ray-agent script
Error troubleshooting: 1.Failed to obtain Github files, please wait for Github to recover and try, the recovery progress can be viewed at [https://www.githubstatus.com/] There is a bug in the 2.acme.sh script, see [https://github.com/acmesh-official/acme.sh] issues
My vps is located in Japan so there shouldn't be any trouble grabbing files from github and such but it obviously timed out every time the script tried to grab acme.sh's repository. Has anyone tried this script lately with success?
-
HAProxy is not affected by the HTTP/2 Rapid Reset Attack (CVE-2023-44487)
you may wish to use certbot instead:
-
Caddy is the first and only web server to use HTTPS automatically and by default
like https://github.com/acmesh-official/acme.sh/wiki/Stateless-Mo...
If DNS-01 is not an option or to complicated, this saves you from exposing a host to the internet for no good reason.
-
Where do you get/setup certificates from for your https/ssl?
Caddy where possible, and acme.sh or lego where not.
-
Internal Server Error when proxy host directs to router
The SSL certificate for my wildcard domain is currently managed by the acme.sh script running as a Docker container until the issue with NPM and Azure DNS certificate management is resolved.
Nginx Proxy Manager
-
Ask HN: What Underrated Open Source Project Deserves More Recognition?
I discovered these 3 amazing projects recently:
Cryptpad, essentially google docs/sheets/forms e2e encrypted. It does include collaboration. https://github.com/cryptpad/cryptpad
Immich, google photos self hostable, with share options https://github.com/immich-app/immich
Nginxproxymanager manages certificates and proxies to self hosted stuff through nginx https://github.com/NginxProxyManager/nginx-proxy-manager
Great self hosting stuff!
-
DevOps Simplified: Easy-to-Use Container Projects Deployment
Nginx Proxy Manager
-
:latest or :version for supporting services?
Prime example: Nginx Proxy Manager is often recommended in the sub. The latest minor release came with breaking changes (so already ignoring semver). I bet you many people were running on latest and then had broken stuff: https://github.com/NginxProxyManager/nginx-proxy-manager/releases/tag/v2.10.0
-
Has anyone been able to set up dockerized CrowdSec in front of dockerized NPM using official images only?
Here is the (NPM) GitHub issue where the "fork of a fork" image came into existence (lepresidente/nginx-proxy-manager). It has some interesting discussions about the challenges of having NPM and CrowdSec coexist and cooperate.
-
MyQ's horrible take on open access to their devices
Agree with this, myQ is such a dumpster fire. It needs to have an the ability to be managed over the local network instead of requiring the garage door and app connect to their server.
My very first experience with myQ was figuring out that their IP blocklist provider, brightcloud, blocks anything with the word "proxy" - including the default "it works" page for Nginx Proxy Manager [1]. And they have no way of overriding this to actually provide service if someone turns out to be a legitimate customer.
[1]: https://github.com/NginxProxyManager/nginx-proxy-manager/dis...
-
My Home Lab setup
Load Balancer: NPM Static IP VPN: PureVPN Proxy Server: CCProxy
-
Domains and Email hosting
As far as website hosting, just set up a few Docker containers: one for a web-server of your choice, and one for a reverse proxy. I recommend Nginx Proxy Manager. It handles SSL certificates for you in a super simple way (both the initial acquisition process as well as auto renewal) and makes it easy to expand to using multiple web servers in the future, or setting up redirects without filling up your DNS records.
-
Risk of self-hosting smaller projects
Feel like Christian Lempa is being a bit too lenient with the developer of Nginx Proxy Manager. jc21's handling of reported vulnerability was poor. 10 months to fix and then simply including it in the list of changes for v2.9.20 without publishing a security advisory. Not great. And to make matters worse, the project still doesn't have a security policy.
- Trouble setting up reverse proxy with Nginx.
-
Raspberry Pi 3b+ enough for proxy server
Docker runs on the 3B+ so you could use this [Github] or the one I have deployed here [NGINX Proxy Manager site] amongst others.
What are some alternatives?
traefik - The Cloud Native Application Proxy
docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
socks5-proxy-server - SOCKS5 proxy server
acme-dns - Limited DNS server with RESTful HTTP API to handle ACME DNS challenges easily and securely.
BunkerWeb - 🛡️ Make your web services secure by default !
docker-pi-hole - Pi-hole in a docker container
homer - A very simple static homepage for your server.
caddy-docker - Source for the official Caddy v2 Docker Image
frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
letsencrypt - Certbot is EFF's tool to obtain certs from Let's Encrypt and (optionally) auto-enable HTTPS on your server. It can also act as a client for any other CA that uses the ACME protocol.
proxmox-scripts
authelia - The Single Sign-On Multi-Factor portal for web apps