There is a huge reason to use HTTPS inside the LAN - so many browsers and other client software show HTTPS connections as more secure, with a nice padlock. For me, this was worth the minor inconvenience of setting up DNS-challenge with Let’s Encrypt with a domain I already had.
Comment on How do I host Jellyfin in the most secure manner possible?
HybridSarcasm@lemmy.world 1 week ago
I applaud your accomplishment as a penetration tester. I am disappointed at your lack of understanding regarding non-public networking.
Move your VPN to your router. Don’t bother with HTTPS on anything not exposed to the Internet.
If that does satisfy your concerns, you may want to give up using electronic devices.
sem@lemmy.blahaj.zone 1 week ago
HybridSarcasm@lemmy.world 1 week ago
Your huge reason is the padlock in the browser bar? I’m not against TLS internally. I do it myself with my own CA. For this particular instance and the unique requirements, it seemed easiest to avoid TLS.
sem@lemmy.blahaj.zone 1 week ago
Yes, it is. I got so annoyed by seeing it unlocked.
Lem453@lemmy.ca 1 week ago
No reason not to have both. Things like Vaultwarden do warrant an extra layer, so set up a wildcard domain for internal services, x.local.example.com, and then normal certs for external stuff like y.example.com.
To get internal stuff you then need your VPN as well to access it. You can now easily choose what risk you want on a per-app basis.
Technotim has a good video on this.