If you are only having your services accessible via LAN, HTTPS isn't totally necessary, but I would still recommend it. I think a reverse proxy will be easier than your described method. Just set it to listen to 443 and have all of your other services on random ports being proxied from the reverse proxy. If you want HTTPS from your reverse proxy to your services, most reverse proxies will have this kind of feature. Here is the caddy L4 raw TCP stream module: https://github.com/mholt/caddy-l4
HTTPS keeps browsers from nagging you about sites being insecure. They really nag you if you use a self-signed cert and don't add the root to your trusted certs. I realized without a reverse proxy, I would have to configure certificates for each app, then probably manually replace them all each time they expire. I guess acme.sh can handle installing a certificate in multiple locations. Do you recommend caddy over nginx for a reverse proxy?