• Use cloudflare to get an api token
  • Set an a record for a wildcart cert *.domain.com pointing towards your servers local IP such as 192.168.0.1, turn off cloudflare proxy
  • Go into NPM and setup the SSL cert using dns challenge and your api token
  • setup a proxy host user your subdomain.domain.com pointing towards your docker container
  • key step!!! make sure you do not have conflicting ports 80 and 443 on your machine. On unraid the device management ports are set to this, but for NPM to do local proxies, it needs access to these ports.
  • 2xsaiko
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    14 hours ago

    This seems super overcomplicated. What I would do is put all the subdomains on the public DNS, let HTTP(S) through the firewall for the respective hosts, deny everything from outside of your local network on the http server that isn’t under the HTTP challenge path and then run the HTTP challenge as you would for a public site.

    Then you can get certs, everyone outside trying to access will get 403, and inside the network you can access as normal.

    Of course you’ll have to trust your http server’s ACL for that, but I’m just going to assume servers like nginx (which I use) have a reliable implementation.