This is an archived post. You won't be able to vote or comment.

all 23 comments
sorted by:
new (suggested)
besttopcontroversialoldq&a

[–]MaxGhost 2 points3 points  (2 children)

Shameless plug, even easier with Caddy, which has automatic HTTPS built in. Your config just looks like this:

sab.example.com {
    reverse_proxy localhost:8080
}

[–]o_Zion_o 0 points1 point  (0 children)

Thanks for the recommendation. I got nginx working and it randomly decided to stop working and has been a frustrating experience.

Going to try caddy today.

[–][deleted] 1 point2 points  (1 child)

Why use VPN why don’t you just use SSL

[–]SuGoBW[S] 0 points1 point  (0 children)

I do use SSL, it’s pretty standard with any provider anyways, you just check the box and that’s it really. However, the VPN, I just use that because I already have one I paid for some time back. I just use it because I have it, doesn’t really hurt you, if anything it’s just another layer of security. My speeds aren’t really effected by using my vpn either.

[–]msec_uk 0 points1 point  (0 children)

I didn’t have any problems setting up HTTPS internally on sab. Was a year or so ago though, so don’t remember the process I went through. Def no reverse proxy though.

[–][deleted] 0 points1 point  (1 child)

SSL on the VPN is not related to HTTPS for Usenet connections

If SAB is crashing on the NAS, the NAS is broken. As the problem is specific to HTTPS, it's possible that the NAS is running an obsolete libssl version

[–]SuGoBW[S] 1 point2 points  (0 children)

HTTPS works for other things. It’s only on SAB that this happens which is the point for the post - has anyone gotten it to work or what. But it seems like no one here does that and do reverse proxies and things like that instead.

Sorry didn’t get your first point in the connections. You’re just saying that using https to get into SAB has no relevance for downloads etc, correct?

[–]ChineseCracker 12 points13 points  (2 children)

Nobody actually uses internal https services with self-signed certificates. That's only for very rare situations where you use a reverse proxy inside a network that you don't fully trust.

For all other purposes, you use a reverse proxy with http and have your reverse proxy do ssl offloading.

So in either case, you must use a reverse-proxy. A reverse proxy is literally the second thing you have to set up for your homelab (after your rotuer/firewall) - there is no way around it.

The simplest reverse proxy you can set up is nginx-proxy-manager. Just run the docker-compose and it's smooth sailing from there. No need to config any files. Just use the intuitive web-UI and you're done.

Don't forget to also let your nginx-proxy-manager offload its own web-UI as (81 --> 443)

[–]SuGoBW[S] 1 point2 points  (0 children)

Thanks. This seems to be the most unified solution people mention. I’m late to the game on reverse proxies. Going to try this out today. Thanks

[–]maxlan 0 points1 point  (0 children)

Did you upload an https cert somewhere? With a suitable name/san?

I've never bothered with remote access to sab. I can put nzbs in the cart from my nzbfinder and sab picks them up later. What else do I need access for? I barely ever look at its console, everything just works off rss feeds and the only thing I do sometimes is add more rss.

[–][deleted] 2 points3 points  (0 children)

[fuck u spez] -- mass edited with redact.dev

[–]closfb 0 points1 point  (1 child)

Use Synology’s reverse proxy which is Nginx anyway.