Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
view the rest of the comments
I‘m not totally sure what you are trying to accomplish.
To access your lan services over https you need a certificate, a dns and a reverse proxy (at least thats how I do it).
I know cluudflare does reverse proxy stuff but I‘m not too deep into that.
So if you mean you expose your services to cloudflare and access them from the web. Yes, they’re gonna be down. If you have a nother way of accessing them on lan (e.g. ip:port) then you should be able to at least reach them but https is not going to work.
For that you can use a local certificate. It’s a bit of work but if you have a domain and nginx proxy manager, you‘ll be good. Let me know if you need help
I have a reverse proxy(traefik) on my LAN to handle sub domain service routing. I want https but don't want to have to install certs on all the clients using the services. I want the s but don't want my services to be unavailable if my Internet goes down.
You only need a letsencrypt cert on the reverse proxy, the services themselves don't need them.
Thanks for elaborating. Thats exactly my usecase. You can use lets encrypt certs with a dns challenge I believe. You wildcard a subdomain like *.abc.def.com
Then you set your services to e.g. homeassistant.abc.def.com both on proxy and local dns.
I believe you have to expose your ports once to get the cert and close them immediately. You set the domain to point to the public ip of your router, get the challenge done, close ports and the public domain goes nowhere.
Install the cert, point the local dns to your server ip, done.
If you need more info, let me know.
Replace traefik with this https://nginxproxymanager.com/
I don't know if cloudflare can do this, but I have a different DDNS + Let's Encrypt setup and I configure my router to set the same local domain as the public domain (in openwrt it's
local server
+local domain
although I'm not aware of the distinction between the two). So when requests are sent over LAN (or over a VPN) the router points me to the LAN device directly, rather than needing to go through external DNS. HTTPS still works since to the client it's the same domain as the certificate is linked to.Hope that makes sense as I haven't fully got my head around it. I just know it works (indeed I just disabled my internet to test, and the services are still accessible over HTTPS).
Then no, you won't be able to access your service via https when your internet is down because it's terminated at cloudlare's server. You can still access your service directly without https, or with https but with a self-signed certificate.