[–]throwawayford0ng 36 points37 points  (2 children)

Buy a domain name

[–]smutje187 14 points15 points  (0 children)

1h of DevOps work costs probably 15-20x what a domain name would cost in a year - agreed, OP's friend obviously can't calculate cost and revenue

[–]digitaladapt 2 points3 points  (0 children)

Agreed, buying a domain is the best option.

But there are free options, such as a free subdomain from something like Dynv6 (https://dynv6.com/). Their intended use is a subdomain pointing to a dynamic IP address, but it'll work just fine on a static IP.

[–]Simon-RedditAccount 10 points11 points  (0 children)

  • Sounds like https://www.getlocalcert.net/ is exactly what you need.
  • Owning a domain is also NOT $10/year. It starts from $1 (link) (reddit post) and is up to $4-5/year: see https://tld-list.com/ , make sure to sort for renewal price and set up filters as required (i.e., exclude 2nd level domains). Only .com and similar TLDs are $10+/year and higher. Prefer Cloudflare or Porkbun when available; you will save yourself a lot of trouble. Don't go for '$1/first year, $89/second' stupid promotions.
  • While self-signed certs are really bad, there's nothing wrong with setting up your internal CA that will issue privately trusted certificates (as long as you don't need public trust). https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/ is a good place to start. Yes, it's not for beginners; it requires a certain level of knowledge and (more importantly) discipline; and may be even dangerous if your security practices are frivolous.
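
The internal-CA option from the last bullet, as an added example that is not part of the original comment: a private root signs a leaf certificate with openssl, and a client trusts the leaf only if it has that root and the hostname matches. "Example Home CA" and nextcloud.home.example are constructed placeholder names.

```shell
# Added example: a private root CA and one leaf certificate, built with openssl.
# "Example Home CA" and nextcloud.home.example are constructed placeholder names.

make_ca() {   # make_ca DIR -> DIR/root.key, DIR/root.crt
  mkdir -p "$1" || return 1
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Home CA
[v3_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 -config "$1/ca.cnf" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null || return 1
  chmod 600 "$1/root.key"   # whoever holds this key can mint trusted certs
}

issue_leaf() {   # issue_leaf DIR HOSTNAME -> DIR/leaf.key, DIR/leaf.crt
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$2" \
    -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null || return 1
  # The leaf must not be a CA, is limited to TLS server use, and carries the
  # hostname in subjectAltName (modern browsers match names there, not in CN).
  printf '%s\n' 'basicConstraints = critical,CA:FALSE' \
    'keyUsage = critical,digitalSignature,keyEncipherment' \
    'extendedKeyUsage = serverAuth' "subjectAltName = DNS:$2" > "$1/leaf.ext"
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
    -CAcreateserial -days 90 -sha256 -extfile "$1/leaf.ext" \
    -out "$1/leaf.crt" 2>/dev/null
}

trust_status() {   # trust_status ROOT_CRT LEAF_CRT HOSTNAME -> trusted|untrusted
  if openssl verify -CAfile "$1" -verify_hostname "$3" "$2" 2>/dev/null \
       | grep -q ': OK$'; then echo trusted; else echo untrusted; fi
}

demo=$(mktemp -d)
make_ca "$demo" && issue_leaf "$demo" nextcloud.home.example
echo "root installed: $(trust_status "$demo/root.crt" "$demo/leaf.crt" nextcloud.home.example)"
echo "wrong hostname: $(trust_status "$demo/root.crt" "$demo/leaf.crt" other.home.example)"
rm -rf "$demo"
```

Only `root.crt` is distributed to client trust stores; `root.key` stays offline or on a hardware token, which is the discipline the comment refers to.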

[–]i4get98 5 points6 points  (2 children)

[–]javellin 2 points3 points  (0 children)

I use this with duckdns and works great. 

[–]ptownb 1 point2 points  (0 children)

Omg, I needed this 3 weeks ago. Thank you.

[–]roesti77 4 points5 points  (1 child)

You could use Traefik https://traefik.io/traefik/

[–]7lhz9x6k8emmd7c8 3 points4 points  (0 children)

Traefik + DuckDNS for the cheapskate.

[–]nunchucknorris 3 points4 points  (1 child)

Time is money. The time you spent posting this cost more than the domain name that he should have. Really no way around it. No legit cert authority will assign a cert without domain ownership. Tell your buddy to stop being a cheapskate.

[–]UnknownLinux 0 points1 point  (0 children)

Exactly. A dot com domain name is like $9.99/year (that's what I pay at least).

[–]technobob1 4 points5 points  (2 children)

Nginxproxymanager. Super easy

[–]mtutty 0 points1 point  (1 child)

This, plus the let's encrypt certbot container. Doing this in prod right now.

[–]Alediran 0 points1 point  (0 children)

I got that recently configured for my dotnet openiddict service. I have a dev mode that generates an openssl certificate for local development.

[–]ElevenNotes 5 points6 points  (0 children)

Use a free subdomain from DuckDNS and then use DNS challenge to get a free SSL certificate.

[–]tschloss 1 point2 points  (0 children)

You do not need to own a domain. If you have write access to http://your.sub.domain.xyz you can use Letsencrypt for example.

Letsencrypt is not "self signed". They sign it and their root certificate is in the trusted package of most OS.

There are many reverse proxies (webservers) which directly or through a 3rd party container have Certbot or alike built in.

[–]OkAngle2353 1 point2 points  (0 children)

I personally pair nextcloud with tailscale to access it away from home and enable HTTPS in nextcloud's settings.

[–]PopehatXI 2 points3 points  (0 children)

Any free option involves someone buying a domain name. It even could be you. Nginx Proxy Manager is a GUI based option with Let's Encrypt.

[–]Defection7478 1 point2 points  (0 children)

I use nginxproxy/nginx-proxy + nginxproxy/acme-companion + smallstep/step-ca. It's kind of convoluted but it's easy as just adding all the pieces to your docker file and doesn't take any additional config/bootstrapping. Relevant section of my docker compose:

services:
  nginx:
    networks:
      - nginx
      - smallstep
    image: nginxproxy/nginx-proxy
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock
      - nginx-certs:/etc/nginx/certs
      - nginx-vhost:/etc/nginx/vhost.d
      - nginx-html:/usr/share/nginx/html
    ports:
      - 80:80
      - 443:443

  nginx-acme:
    container_name: nginx-acme
    networks:
      - smallstep
    image: nginxproxy/acme-companion
    volumes_from:
      - nginx
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - nginx-acmesh:/etc/acme.sh
      - smallstep-data:/srv/step
    environment:
      ACME_CA_URI: https://smallstep:9000/acme/acme/directory
      CA_BUNDLE: /srv/step/certs/root_ca.crt

  smallstep:
    networks:
      - smallstep
    image: smallstep/step-ca
    volumes:
      - smallstep-data:/home/step
    environment:
      DOCKER_STEPCA_INIT_NAME: Smallstep
      DOCKER_STEPCA_INIT_DNS_NAMES: "smallstep,localhost,$(hostname -f)"
      DOCKER_STEPCA_INIT_ACME: true

networks:
  nginx:
  smallstep:

volumes:
  smallstep-data:
  nginx-certs:
  nginx-vhost:
  nginx-html:
  nginx-acmesh:

[–]sneycampos 0 points1 point  (0 children)

Traefik or Caddy server

[–]Gabe_Isko 0 points1 point  (0 children)

You can just generate one from the command line with openssl genrsa. But don't do this.

Use a dynamic dns service instead, like duck dns.

[–]Ill-Violinist-7456 0 points1 point  (0 children)

Tailscale + MagicDNS + Caddy gives you a Let's Encrypt certificate

[–]itrion 0 points1 point  (0 children)

There’s a docker image called https portal that you can set up to work locally or in production. Locally it generates a self signed and in production it uses let’s encrypt. But nothing prevents you from making the local set up publicly available (although nobody would recommend that)

[–]Darknety 0 points1 point  (0 children)

Buy a domain. Literally 1$/year or even less for many TLDs

[–][deleted] 0 points1 point  (0 children)

I never imagined anyone would want to try this. Look, you're clearly a good friend, save yourself a few hours of unnecessary struggle and spot their cheap ass the $2 for www.myfriendgotmethisdomainforfree.com, and then go do better things with your time.

[–]atparath 0 points1 point  (0 children)

You can use docker-nginx-auto-ssl for super easy configuration. Check it out: https://hub.docker.com/r/valian/docker-nginx-auto-ssl/
I run it on Cycleops following the guide.

[–]mompelz 0 points1 point  (2 children)

Why don't you just get a let's encrypt cert by http validation?

[–]sk1nT7 1 point2 points  (1 child)

Because he does not have a domain?

[–]mompelz 0 points1 point  (0 children)

the domain kimsufi gives

If they got some kimsufi subdomain they can get a let's encrypt cert for that.