Our great sponsors
-
mkcert
A simple zero-config tool to make locally trusted development certificates with any names you'd like.
I would suggest mkcert, https://github.com/FiloSottile/mkcert This tool can even install the root CA onto your system and into your web browser. https should "just work" after you run the tool, install the root ca, and configure your http server to use the cert+key (and maybe the intermediate chain if needed, I cant remember)
-
When you say “no internet dependence”, do you mean just not allowing inbound HTTP access, or no outbound internet connections at all? If the former, you can utilise DNS challenges via Let’s Encrypt, then use a local DNS server to point the corresponding full domain to the internal IP address of your web server. If your domain registrar has a DNS API, this can be automated using ACME clients like Lego. Cloudflare and Gandi are two good options.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
I (FINALLY) just configured my LAN server to host HTTPS using a duckdns.org dns name without opening ports to the outside world. The trick was to use my opnsense route to do the dynamic dns updates and acme cert registration/auto-renewal. The opnsense plugin has an automation that copies renewed certs via SFTP to my internal webserver. It may sound weird but think of it as faux load balancer; LAN traffic is port forward to the server's NAT ip, WAN traffic is denied. I am now using nginx-proxy to update all of my containers to resolve to path based routes and if I can stop pulling out what little hair I have left, some sort of SSO through Organizr
-
I (FINALLY) just configured my LAN server to host HTTPS using a duckdns.org dns name without opening ports to the outside world. The trick was to use my opnsense route to do the dynamic dns updates and acme cert registration/auto-renewal. The opnsense plugin has an automation that copies renewed certs via SFTP to my internal webserver. It may sound weird but think of it as faux load balancer; LAN traffic is port forward to the server's NAT ip, WAN traffic is denied. I am now using nginx-proxy to update all of my containers to resolve to path based routes and if I can stop pulling out what little hair I have left, some sort of SSO through Organizr
-
If you can add CAs to the hosts that will access this server, you can be your own certificate authority. mkcert is good, as mentioned elsewhere, or you can go all out: https://github.com/OpenVPN/easy-rsa
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Related posts
- I am once again asking that "web" and "fullstack" developers...
- Where do you get/setup certificates from for your https/ssl?
- Anyone using WireGuard with a domain name? Any ideas to lower the bills?
- Automating LE renewals with dns-01?
- Searching for a solution to get letsencrypt and traefik working for my local nas