Comment on Securely Expose your Homelab Services with Mutual TLS - YouTube
daniskarma@lemmy.dbzer0.com 8 months ago
I tried long ago, but as they said, client side authentication is an issue, most clients do not support it.
I have a system, I use wireguard vpn and for when I want to use a domain name with proper tls (because some client apps require a proper tls connection to work) I set my caddy reverse proxy to only accept request from localhost.
So, there’s a public domain with let’s encrypt TLS, and that domain can only be properly access from local network. Then I connect using vpn to my local network and the client app can access the service over a CA verified TLS.
I set my caddy reverse proxy to only accept request from localhost.
It is a bit more involved but you can actually get a proper cert for localhost stuff, with your domain pointing to an internal ip addr and not risk exposing your public ip and having to open a port.
Signed by a AC?
I had a lot of issues with some apps not allowing self-signed certificates and the app used their own list of allowed AC or something, I was unable to make it allow my own certificates even adding my own root certificate to Android.
No, signed by Let’s Encrypt, a proper, real cert. gist.github.com/…/fc04b081ed19910618770c6be998de0…
zqps@sh.itjust.works 8 months ago
From localhost? Did you mean from local network or am I misunderstanding your point here?
daniskarma@lemmy.dbzer0.com 8 months ago
Yes, local network I meant.