How can I force https on my apps
Comment on I finally bought a domain! Now what
someonesmall@lemmy.ml 3 days agoThis. Do not expose any service to the internet or even LAN. All clients need to connect via VPN to your machine, no matter if from LAN/home or on the road (WAN/Internet). You can still use a reverse proxy and custom domain names so inside the VPN network everything is HTTPS and each service has a nice domain name.
philanthropicoctopus@thelemmy.club 3 days ago someonesmall@lemmy.ml 10 hours ago
You need something like Traefik which does https for the services.
Jason2357@lemmy.ca 3 days ago
Sounds like you may be really starting from scratch on your learning. It would be best to work entirely inside a VPN like tailscale for complex apps like jellyfin if you want them. You can set up https, but there’s no harm either way. You might not use your own domain right away inside your VPN, but you will a little down the road. You will get annoyed with using IP addresses for your services and set up an internal DNS server eventually. You can safely experiment and make mistakes inside your tailnet.
For learning to set up an open Internet exposed service, use a completely isolated, dedicated computer (maybe a raspberry pi on a demilitarised zone of your internet router or better yet a $5 VPS on someone else’s network). Then read up on hosting a “static website” with either ngnix or Caddy. I prefer the latter because one short config file can set everything up for https and take care of the certificates for you. This can eventually become the gateway into your other services from the open Internet, but do not do that from the start, just a simple personal website. This will require learning a little Linux system admin, SSH (read up on key based authentication so you can disable password authentication in SSH), remote file management, and configuring a webserver, DNS, and certificates. Lots to learn.
Because it is just hosting static webpages, theres almost no risk of it being hacked and used maliciously if you misconfigrure something or forget to patch it. Static sites are awesome nowadays anyway, though, you don’t even really need a fancy site generator to get started, just some simple HTML files. A fun and easy project is a hand written list of your favourite web links and then set your browser’s new tab page to it. Instantly useful and fully under your control.
I actually envy your spot on your learning journey. It was such a rewarding experience for me to do all the above.
valar@lemmy.ca 3 days ago
This seems a bit extreme to me. I have services exposed to the internet.
queerlilhayseed@piefed.blahaj.zone 3 days ago
I think it’s good advice for beginners. If you’re inside a VPN you get a little more breathing room to figure out how to properly provision and wire up your services without having do deal with all the security and scaling concerns that can come from public hosting. Also, new hosters are really likely to set up their reverse proxy and not patch it and leave it open to known vulnerabilities that get exploited months or years down the line… not that that ever happened to me…
Anyway, I think inside a VPN is a good way to get your feet wet. Setting up a public website is fun but I wouldn’t advise it as a first step.
Jason2357@lemmy.ca 3 days ago
For a personal website, just point the main domain or one subdomain at something like github pages or another static site hoster to start forwarding email to their regular email. Zero maintenance to start and cost.
someonesmall@lemmy.ml 2 days ago
Actually it is simple and secure. I’ve been using it for 8+ years.