This plus technitium DNS is exactly my approach.
Comment on How to reverse proxy?
Bishma@discuss.tchncs.de 10 months ago
I use Nginx Proxy Manager running as a Docker container. It's a GUI that makes administration more straightforward. It points at all my services (Docker and otherwise) and handles the SSL for me. Because I don’t want to have any ports open I use DNS challenge ACME, and NPM has built-in support for a number of APIs from large public DNS providers to automate that.
philpo@feddit.org 10 months ago
CapitalNumbers@lemm.ee 10 months ago
i have nginx proxy manager set up all as well, but haven’t worked out the SSL part yet, so all my internal docker services are still on http
out of interest, how did you set up https with npm?
Bishma@discuss.tchncs.de 10 months ago
First set up your certificate in the SSL tab of NPM. You can either upload a traditional certificate or set up Let's Encrypt. Be aware that starting next spring the maximum length of a certificate will drop to 9 months and continue to decrease over the next few years until it's 47 days.
I have mine set up so Let's Encrypt gets a wildcard cert for my domain (via DNS challenge). Some people go with per-subdomain certs.
Once you have the cert, go to each of your hosts and switch to its SSL tab. Then select your cert. Then I usually turn on “Force SSL”.
CapitalNumbers@lemm.ee 10 months ago
does a wildcard cert essentially mean i use one cert which will cover all my subdomains as well as the primary domain?
Bishma@discuss.tchncs.de 10 months ago
yes
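Added example, not part of any comment in this thread: a small Python check of which hostnames a certificate's SAN list covers, using the usual rule that `*` is honoured only as the whole left-most label and stands for exactly one label. The `home.example` names and both SAN lists are constructed placeholders; the second list models a certificate requested for the wildcard and the primary domain together.

```python
# Added example: which hostnames does a certificate's SAN list cover?
# All names are constructed placeholders, not taken from the thread.

def _labels(name: str) -> list[str]:
    # DNS names are case-insensitive; a trailing dot is the root label.
    return name.rstrip(".").lower().split(".")

def san_matches(san: str, host: str) -> bool:
    """Match one dNSName SAN entry against a hostname."""
    san_l, host_l = _labels(san), _labels(host)
    if len(san_l) != len(host_l):
        return False  # '*' never spans zero labels or several labels
    if san_l[0] == "*":
        # Refuse '*.tld'-style entries; compare everything right of the '*'.
        return len(san_l) > 2 and san_l[1:] == host_l[1:]
    return san_l == host_l  # partial wildcards such as 'f*' never match

def covered(sans: list[str], host: str) -> bool:
    return any(san_matches(s, host) for s in sans)

def coverage_report(sans: list[str], hosts: list[str]) -> dict[str, bool]:
    return {h: covered(sans, h) for h in hosts}

# Constructed SAN lists: wildcard alone vs. wildcard plus primary domain.
WILDCARD_ONLY = ["*.home.example"]
WILDCARD_PLUS_APEX = ["*.home.example", "home.example"]

# Constructed hostnames a reverse proxy might serve.
HOSTS = [
    "jellyfin.home.example",      # one label under the domain
    "home.example",               # the primary domain itself
    "grafana.lab.home.example",   # two labels under the domain
]

if __name__ == "__main__":
    for title, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + primary domain", WILDCARD_PLUS_APEX)):
        print(title)
        for host, ok in coverage_report(sans, HOSTS).items():
            print(f"  {host:28} {'covered' if ok else 'NOT covered'}")
```

A host that comes back as not covered needs its own SAN entry (or a second wildcard such as `*.lab.home.example`) before "Force SSL" will serve it without a name-mismatch warning.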