So, I have a few services (Jellyfin, Home Assistant, etc) that I am running, and have been acessing via their IP’s and port numbers.
Recently, I started using NGINX so that I could setup entries in my Pi Hole, and access my services via some made up hostname (jellyfin.home, homeassistant.home, etc).
This is working great, but I also own a few domains, and thought of adding an SSL cert to them as well, which I have seen several tutorials on and it seems straight forward.
My questions:
Will there be any issues running SSL certs if all of my internal service are inward facing, with no WAN access? My understanding is that when I try to go to jellyfin.mydomainname.com, it will do the DNS lookup, which will point to a local address for NGINX on my network, which the requesting device will then point to and get the IP of the actual server.
Are there risks of anything being exposed externally if I use an actual CA for my cert? My main goal is to keep my home setup off of the internet.
If you use Let’s Encrypt, or any public CA, all of your domains and certificates will be public. You can use a wildcard to avoid revealing subdomains. There is a website that you can use to search what is available, but I don’t remember what it is.
I suspect there aren’t any serious risks to having that information revealed. The only real reason would be privacy against which services you are using on that domain.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !selfhosted@lemmy.world
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
If you use Let’s Encrypt, or any public CA, all of your domains and certificates will be public. You can use a wildcard to avoid revealing subdomains. There is a website that you can use to search what is available, but I don’t remember what it is.
I suspect there aren’t any serious risks to having that information revealed. The only real reason would be privacy against which services you are using on that domain.
yeah true but if the DNS records aren’t actually pointing anywhere then there’s no real threat no? because everything stays in the internal network
People can see what domains you use with TLS, but that could be OK: https://letsencrypt.org/docs/ct-logs/