Hey all,

Hope this is the right place to be asking (Reddit refugee), but do any of you setup certs for inward facing services? For example, I run “Whoogle” on my proxmox server, which I then access from several other devices when performing searches.

The connection between my machines and that proxmox VM are not encrypted, however only my VLAN (for personal devices) is able to access it.

Is it good practice to create a certificate for those types of servers that can only be accessed within your own network, or overkill?

  • Lem453
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    You’ve got the right idea. You need to have a reverse proxy (like traefik) and a local DNS server (either pihole or something built into a router like unbound which is built into opnsense).

    Once you have a sense of how to use the reverse proxy and the DNS server, you can watch this video as a great tutorial.

    Basically you need to use a wildcard domain for anything that is not accessible over the internet.

    https://youtu.be/liV3c9m_OX8

    I got this setup and it works very well.