• gitamar@feddit.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      24 days ago

      How did you set up you SSL certificates, are you using a self signed certificate or do you use a custom subdomain?

        • gitamar@feddit.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          23 days ago

          Thanks, that sounds good. Can you explain more how you used the plugin for the wildcard certificate?

          • d_k_bo@feddit.org
            link
            fedilink
            English
            arrow-up
            1
            ·
            22 days ago

            To get a TLS certificate from Let’s Encrypt, they need to verify that you are in control of your domain. For regular domains, this can be done via HTTP, for wildcard certificates they require you to create a DNS record with a special token to verify ownership of the domain.

            This means that in order to automatically obtain a TLS certificate, caddy needs to interact with the API of your domain registrar to set up this record. Since there are many different providers, this isn’t built into caddy itself and you require a version that includes the corresponding caddy-dns module. Caddy modules need to compiled into the binary, so it’s not always trivial to set up (in my case I have a systemd timer that rebuilds a local container image whenever a new version of the docker.io/caddy:builder image is available).

    • Gregor@gregtech.eu
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      5
      ·
      24 days ago

      Duh, you need a reverse proxy to host most of the stuff (if you want to run more than 1 service and use HTTPS). I use Traefik btw, though I heard Caddy is very easy to use.