I’ve been doing the SSL with Caddy and Let’s Encrypt via CertBot. Extra work but not too bad once you figure it out (and take notes since I forget by the time the renewal comes around :)
I still need to find time to set up auto renewal… One day
Thank you for your answer.
My problem is that I would like to keep my (Docker) services like Silverbullet.md in my local network only and reach them externally by WireGuard VPN.
Before https I reached my services with <ip>:<port>, which worked fine with VPN.
As mentioned here, there are now only a few options to get https without opening everything to the world:
Set my local server's IP as localhost by SSH (ssh -N -L 3002:localhost:3000 user@someip), which works, but needs to be added for every client and every access.
Add a hosts file entry (e.g. silverbullet.lan 192.168.1.123) on every client to access the local server and add a Caddyfile entry with a self-signed certificate.
Put a local DNS server like dnsmasq or bind9 in my network and add local domains there (like silverbullet.lan) and use Caddy again for SSL. That's the point where I haven't figured out how to get it running over WireGuard VPN.
I don’t want to rely on external services like Tailscale.
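The third option above (local DNS plus Caddy, reached through the tunnel) as an added configuration example; this is not from the original post. It assumes dnsmasq and Caddy both run on the 192.168.1.123 host, Silverbullet listens on port 3000 there, the WireGuard tunnel uses 10.8.0.0/24, and the key and endpoint values are placeholders.

```conf
# --- /etc/dnsmasq.d/lan.conf (on 192.168.1.123) ---
# Answer silverbullet.lan with the LAN address of the Caddy host.
address=/silverbullet.lan/192.168.1.123
# Listen on the LAN address so queries arriving over the tunnel are answered;
# dnsmasq must not be restricted to 127.0.0.1 or VPN clients get no reply.
listen-address=192.168.1.123
bind-interfaces

# --- Caddyfile (on 192.168.1.123) ---
# "tls internal" makes Caddy issue a certificate from its own local CA instead
# of Let's Encrypt, so no port needs to be open to the Internet. The HTTPS
# endpoint is only reachable on the LAN and through the tunnel.
silverbullet.lan {
    tls internal
    # Use the compose service name instead of localhost if Caddy itself runs
    # in a container on the same Docker network.
    reverse_proxy localhost:3000
}

# --- WireGuard client config (wg-quick, e.g. /etc/wireguard/wg0.conf) ---
[Interface]
PrivateKey = <client-private-key>       # placeholder
Address = 10.8.0.2/32
# Send the client's DNS queries to dnsmasq on the LAN while the tunnel is up,
# so silverbullet.lan resolves without a hosts-file entry on each client.
DNS = 192.168.1.123

[Peer]
PublicKey = <server-public-key>         # placeholder
Endpoint = <vpn-endpoint>:51820         # placeholder
# Route the tunnel subnet and the home LAN (DNS and HTTPS traffic) through
# the VPN; everything else keeps using the client's normal route.
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
PersistentKeepalive = 25
```

Each client still has to trust Caddy's internal root CA once (Caddy writes it under its data directory, and `caddy trust` installs it on the machine Caddy runs on); without that, browsers will warn about the certificate even though the name resolves correctly.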