Quick and Easy Local SSL Certificates for Your Homelab!

Рет қаралды 641,781

Күн бұрын

To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/Wolfgang/
The first 200 of you will get 20% off Brilliant’s annual premium subscription
Follow me:
Mastodon tilde.zone/@notthebee
GitHub github.com/notthebee
Twitch twitch.com/notthebeee
Support the channel:
Patreon / wolfgangschannel
KZbin Members / @wolfgangschannel
PayPal (one time donation) www.paypal.com/donate/?hosted...
Music:
Meod - Crispy Cone
Skygaze - Hug Me
Steven Beddall - Cuts So Deep (Instrumental Version)
Liquify - Afternoon
Kola - Mello Me
Videos are edited with Davinci Resolve Studio. I use Affinity Photo for thumbnails and Ableton Live for audio editing.
Video gear:
Camera geni.us/K8OOyKV (Amazon)
Main lens geni.us/jnnElY4 (Amazon)
Microphone geni.us/tgiSqL (Amazon)
Key light geni.us/Gi1zE2 (Amazon)
Softbox geni.us/F86pM (Amazon)
Secondary light geni.us/aciv (Amazon)
Other stuff that I use:
Monitor geni.us/KUzcmcP (Amazon)
Monitor arm geni.us/5RXu (Amazon)
Laptop stand geni.us/X5vx9Af (Amazon)
Keyboard www.amazon.de/HHKB-PD-KB401W-...
Mouse geni.us/KB7h (Amazon)
Audio interface geni.us/sdhWsC (Amazon)
As an Amazon Associate, I earn from qualifying purchases
This video was sponsored by Brilliant
Timestamps:
00:00 Intro
00:57 How does it work?
01:34 Brilliant.org
02:28 What will we need?
04:40 Installing Docker - Tutorial starts here
06:03 docker-compose Walkthrough
06:46 Generating the certificate
08:32 Setting up domains
11:02 Outro

Пікірлер: 809

@WolfgangsChannel 11 ай бұрын

Text version of the video with all the commands: notthebe.ee/blog/easy-ssl-in-homelab-dns01/ To try everything Brilliant has to offer-free-for a full 30 days, visit brilliant.org/Wolfgang/ The first 200 of you will get 20% off Brilliant’s annual premium subscription

@SirWinnieThePooh 11 ай бұрын

Not related but I love your content man, keep it up

@ripaire 11 ай бұрын

hi can you please make a video about pterodactyl and it should be running the pannel and the wings in same docker-compose file if you do that i will be very gratefull and thanks for this amazing video

@oussamakarem5744 11 ай бұрын

Thanks for the share, but how about the npm network driver ? i can see no details about it thanks in advance (btw the npm never work for me)

@streambarhoum4464 11 ай бұрын

Hey Wolfgang!! 😊 what about accessing our home lab securely from the outside world without using third party CDN like cloudflare? Please provide us with a solution in a next video?😊🙏🎉

@ferasawwad71 9 ай бұрын

Greetings to you. Do you have an explanation on how to replace the ip address of the carrier that is shown to the world to: domain HTTPS global. With its connection to a number: a computer.

@moritz22 11 ай бұрын

Very nice video, this setup is more convenient than my own dns server. For anyone using a fritzbox router: You have to add your full domain as an exception to the "DNS rebind protection", because the fritzbox does not allow DNS resolution of domain names that point to private ips to protect against DNS rebinding attacks

@saninnsalas 11 ай бұрын

This is an excellent tip! Thanks!

@ivangogov7312 11 ай бұрын

Thank you! Now it is working as expected.

@Izuna- 9 ай бұрын

I was looking for this comment. Thanks alot! :)

@RamiKattan 5 ай бұрын

Fixed my issue after pulling my hair for an hour

@LKD70 4 ай бұрын

Hero, thank you for this comment.

@americanbagel 11 ай бұрын

This video could not have come at a better time! I've just started putting together my own home server and I've been driving myself insane with self-signed certificates. Thanks!

@giacomogagliano1526 7 ай бұрын

same here =)

@clabretro 11 ай бұрын

This is the simplest way to tackle certs I've seen, definitely trying this! I've been putting it off in my homelab for ages.

@dj_odradeck 11 ай бұрын

I use exactly this setup for over a year and it just works flawlessly. Even auro-renewing the let's encrypt cert works without any issues.

@CharlieBasta 11 ай бұрын

Yet another great video Wolfgang. Outstanding work. I've been wanting to do this for a while for my homelab and this video is the push I needed. Thank you.

@BallerBubi 11 ай бұрын

This solution is simply brilliant. I was searching for years for such an amazing and simple solution. Thank you.

@Luniii737 11 ай бұрын

Wow, thank you for this video! I didn't know (or think of) that you could point a domain name to a private IP address. That makes creating SSL certificates super easy like this! Love you

@MartinKL 5 ай бұрын

Lots of information in this video, thank you. The text-blog was very helpful to see the commands without copying them from the video.

@JmonteroArg 11 ай бұрын

This video was right on time! I was exploring how could I deploy things locally without deal with IPs and cert issues. Very valuable info, thanks for sharing.

@nightyeve 9 ай бұрын

Thankss ! Love how clear and fast you explain everything

@NinjaNips 11 ай бұрын

I’ve literally been looking for a tutorial like this for soooooo long 😫😫😫 thank you ❤

@chaejunhee 7 ай бұрын

I was almost giving up, but I saw the video and the kind explanation was sweet rain for a beginner like me. Thank you so much

@ayoubthegreat 3 ай бұрын

Thank you for this! It seemed complicated but after following along I got everything working perfectly.

@MegaChiliMac 4 ай бұрын

excellent. exactly what i was looking for. and thank you for having this info in blog post format too.

@revilo2208 5 ай бұрын

Tausend Dank Wolfgang. This is exactly what I was looking for. I was this close to setting up my own CA and getting a headache trying to add the root certs to all the devices.

@vamshikrishnaanandesi1642 9 ай бұрын

Thank you for this video, have always been wanting to access all my services through https rather than typing in my IP every time but couldn't as I thought it will take some time for me to study the nuances of the process. This has been an easy and fast setup.

@aliaghil1 11 ай бұрын

Great video as always. Thank you for sharing it with us. I am using pfSense in my environment and having HAProxy, however I needed a second proxy manager, your video helped me a lot with setting up the second one. 👍

@grahammccann8554 7 ай бұрын

Thank you Wolfgang for making this video. Very easy to follow.

@seanys 11 ай бұрын

Good to see a well done tutorial on the exact thing I’ve been trying to achieve for ages!

@solidus1983 7 ай бұрын

Thank You, I had been using an SSL per domain, didn't know you could create just one SSL cert. Now i do an have it set up thanks.

@philliii 11 ай бұрын

This is what i have been searching for. Thanks for the super easy to follow video. Saved me lots of pain. Great work. Cheeeeeeeeers!

@Andoresu96 11 ай бұрын

wait y'all are using an application to manage your nginx reverse proxy? I was editing config files like a madman here 😭

@voodooyam 11 ай бұрын

If you learned by it then there is no lose!

@sugoruyo 11 ай бұрын

This is the way.

@rabahfdoul4844 10 ай бұрын

@@sugoruyothis is the way.

@th3fallen 9 ай бұрын

Nginxproxmanager is really nice if you just want a gui and ssl rotation

@larsycoding 8 ай бұрын

😮

@adryanobrum 11 ай бұрын

Another great video. Clean and simple. Please, you need to teach us how to configure a home assistant dashboard like yours! 🤟

@senthilrajanr1 Ай бұрын

I can not thank enough for this video. I was struggling to figure this out and your video helped me. Thank you

@MrMoogle 3 күн бұрын

My man! You are my hero. I've watched so many videos trying to figure out how to do this exact thing and you explained it all so perfectly. And the written guide to accompany it was an added bonus and very much appreciated. Thank you, sir!

@WolfgangsChannel 2 күн бұрын

No problem 👍

@aravind3626 11 ай бұрын

I've been waiting for this for years...Thank you!!!!!!!!

@pesfreak18 9 ай бұрын

Thank you for the Tutorial. Very good. Just got through everything and it works great.

@MrXana91 3 ай бұрын

Omg this is EXACTLY what i've been looking for for months! Thank you so much! That's a sub

@TheDmankl 11 ай бұрын

Seriously thank you so much for this.... I have been trying to find something like this but no one had a solution for this !!!

@hfrox1 11 ай бұрын

Man this video is exactly what I was looking for. Thank you

@BlackLustWarrior 6 ай бұрын

I tried using traefik for this but my head was spinning just trying to set up the docker container. This looks sooooo much easier. Thanks for your great tutorial!

@rayzerx 11 ай бұрын

I didn't know I needed this video until it was recommended to me. Amazing video and great explanations. Thanks for the caption. Greetings from Brazil. ✌🏽

@rogerwprice 9 ай бұрын

Wow - this is fantastically useful - many thanks - will be exploring more on your channel

@samjiman 11 ай бұрын

This is useful, thanks. Waiting for my AML-S905X-CC and then I'll set this up.

@Nahga Ай бұрын

This was just fantastic. I didn’t know I needed something like this in my life until I saw the video. Very well done thanks a lot.

@Mhm_Rhm 5 ай бұрын

Great tutorial. To the point. I have been looking for this for a while. Thanks. 😘

@XRedShark 8 ай бұрын

Thank you! Great explain

@GehtGut 3 ай бұрын

Thank you very much for this genius tipp ... !!!! You are the best !!!! Installed and works directly.

@adrianmurillo2646 9 ай бұрын

Thank you, sir! This is a great video. For anyone using pfsense on their home network -- with a different domain than your purchased domain for your home lab -- you are going to want to add DNS host overrides for your purchased domain and the hosts that you are going to be proxying, all pointing to the IP address of the nginx proxy manager.

@LeonRohr-xc4re 8 ай бұрын

could you please explain further? Im having trouble on setting this up using my pfsense

@EricKoehler-dc5or 6 ай бұрын

could you please show this step, maybe in a short video? pFsense drives me crazy :(

@ClassicCarOverhaul 4 ай бұрын

Thanks, was pulling my hair out until I did dns host ovreride and it worked!

@andrewlowe4130 9 ай бұрын

Excellent. Thank you!

@scotthewitt6047 11 ай бұрын

I set up passbolt last night and have the problem you just solved in this video thank you

@prezmix 5 ай бұрын

Well... Exactly what I was looking for! Thank you

@MrTandrol 27 күн бұрын

Thank you so much! Worked like a charm :)

@CreaseysWorkshop 11 ай бұрын

Oh man it works so good! Thank you so much.

@xellaz 4 ай бұрын

This worked great on putting https secure connection locally on my new Raspberry Pi 5 running CasaOS! I just had to do a few modification on the ports and IP addresses but everything worked correctly at the end! Thanks! 👍

@makeitcloudy 3 ай бұрын

another great tutorial, awesome stuff, thank you !

@sbx1 11 ай бұрын

Danke Wolfgang, dank deiner Anleitung war die Einrichtung sehr einfach! :)

@gere364 2 ай бұрын

Works like a charm! I love this solution!!

@jdfmovil 11 ай бұрын

Add portainer to this and you have an easy way to manage all your containers. :)

@electricz3045 11 ай бұрын

Easy it might be defently not efficient. Running shell commands is just faster then navigating around in an GUI to do the same thing.

@fabiandrinksmilk6205 11 ай бұрын

@@electricz3045 This is where we come to the whole CLI vs GUI discussion again. The right answer is of course your personal preference!

@varunaeeriyaulla 11 ай бұрын

@@fabiandrinksmilk6205 I agree with you. I have multiple docker servers, including HA. It's much easier to manage with Portainer and portainer agents.

@4crafters597 11 ай бұрын

Yacht for a smaller yet lighter system that still works for basic setups!

@DaMonkeyFamily 4 ай бұрын

Awesome video, the explanations are just perfect. Thanks a lot mate

@gabrielrechy 8 ай бұрын

Gracias por este valioso contenido, hace tiempo que no encontraba como asignarle certificados válidos a un servicio que estuviera fuera Docker, pero ahora ya me di la idea de como poder solucionarlo gracias a tu vídeo ✌️

@thefallenangel9544 11 ай бұрын

omg I was waiting for a tutorial using precisly docker and DuckDNS together and you just upload this perfect tutorial ! You save my time

@Filamoretech 11 ай бұрын

Awesome video, Wolfgang! I'll have to add this to my lab.

@MrEric377 2 ай бұрын

Thank you so much for this video, 1 thing I don't think anyone ran into is I had to wait almost a day for my registrar to reflect the IP changes. 🤦Now that I found you I'm going to look through your other video's Thanks again.

@G1esas Ай бұрын

Worked flawlessly, ty

@brunosolothurnmann9205 11 ай бұрын

Thank you - as I use Pi-hole, I had to add entries to the pi-hole local dns with the (sub-)domain names pointing to the proxy-manager. After that it run as you explained it.

@pcboffin 4 ай бұрын

Thank you - just saved me a lot of head scratching...

@richardrussell5165 2 ай бұрын

you saved me soo much stress

@rustedtrust3923 4 ай бұрын

This is awesome, thank you!

@brokenicelight 11 ай бұрын

Your Video is like a rescue ring. I had trouble understanding this concept with the traefik guides from Techno Tim but now that you've implementet a sceamtic drawing it helped alot. Thanks! Again a Video to exact right time :D My instructor wanted me to get the basic of dns and teach myself but i was only stuck at this internal external stuff so you safed me :D

@AinzOoalG0wn 5 ай бұрын

did you get this to work for traefik? i need help for that x-x;

@brokenicelight 5 ай бұрын

@@AinzOoalG0wn Sadly not now since i haven't had much time yet. But i want to get it working with traefik. Maybe we could stay connected?

@AinzOoalG0wn 5 ай бұрын

@@brokenicelight i came up with a solution. i shutdown traefik and started up nginx proxy manager instead 🤣 i got it to work kinda. even authentik works with it. just, it only works when my vpn is active. when its turned off, it no longer works 🥲

@AinzOoalG0wn 5 ай бұрын

@@brokenicelight well if u find out a solution plz do share. i had to go back to traefik cause there were some issues in npm i could not resolve 🥲

@yotu9670 11 ай бұрын

sweet. never thought of this option. thanks

@DrathVader 25 күн бұрын

I finally got to set this up after watching the video months ago. I should have set up proxies long ago, much more convenient. One thing to mention is that this method works well with tailscale as well. I just put my server's tailscale IP instead of local network IP and it works perfectly. Really useful for privately sharing linux isos with friends.

@m.jamilrahman4971 7 ай бұрын

working very well thanks bro 😁😁

@nastynaza 9 ай бұрын

Thank you! I managed to get this working with AWS Route53. The only difference is that the wildcard record needs to also be an A record, not a CNAME.

@topkek5378 2 ай бұрын

you're a lifesaver

@user-co9be5eu7e 11 ай бұрын

Thank you for this video. I have set it up at home, no longer public visibility for some services. Combined with Tailscale router (to access your local networks), it rocks !

@Knufle 6 ай бұрын

Hey, your comment is exactly what I was looking for, I'm trying to also setup Tailscale alongside Nginx like in the video, but Tailscale also uses port 80, how did you manage it?

@Knufle 6 ай бұрын

Nvm, I got it working, for some reason when I had CasaOS installed as a container before installing NPM, I'd get trouble installing NPM's container, however if I install NPM, configure it and only afterwards install Tailscale then it works just fine.

@Knufle 6 ай бұрын

Although, on a separate note, how do you access your local environment using Tailscale when you're outside of your local network? Since duckdns points to a local IP, it doesn't really work for me outside of my local network, could you explain what you did?

@user-co9be5eu7e 6 ай бұрын

@@Knufle I use Tailscale router to expose the network where the DNS entry resolves.

@user-co9be5eu7e 5 ай бұрын

@@jims888 You have to use tailscale subnets to reach your ip addresses.

@yeastdonkey846 5 ай бұрын

Great video. Got me up and running when I first set up npm. I changed to custom certs from Cloudflare, which last for 15 years though.

@justintongol7581 4 ай бұрын

Hey man, I'm curious. How is yours setup?

@yeastdonkey846 4 ай бұрын

@@justintongol7581 in terms of the CloudFlare cert? I just setup all my dns records through cloudflare and set them to proxied. Then I generated a cloudflare origin cert and imported them into npm. I also set my encryption on cloudflare to strict mode.

@RaidOwl 11 ай бұрын

NPM is freakin awesome. It's crazy how easy it is to get setup and going with it and boom...you've got proper SSL and routing.

@falxie_ 11 ай бұрын

As (unfortunately) a JavaScript developer I was very confused by this statement for a moment

@pieteryts 11 ай бұрын

not quite for me... since I'm not a linux users 😂 mostly I used DNS domain record check for let's encrypt.

@RaidOwl 11 ай бұрын

@@falxie_ haha yeah I have to think twice when seeing "NPM" now

@pavelperina7629 11 ай бұрын

@@falxie_ nginx proxy manager. Yes, I barely touched JS and I had to ask chatgpt (which is suprisingly good for setting up simple stuff and writing simple shell script

@asandax6 11 ай бұрын

NPM is very confusing when you're not referring to Node Package Manager.

@MarcDANIELLAMAZIERE 7 ай бұрын

Thanks great tutorial

@vikingursigurdsson4985 11 ай бұрын

Thai is exactly what i was looking for. Thank you

@Izuna- 9 ай бұрын

Thank you for this great video! Really helped me a lot! :)

@cyclemoto8744 2 ай бұрын

Great tip! thanks for sharing. Cheers from OZ

@RazoBeckett. 9 ай бұрын

thanks alot dude you made my project way cooler and legitimate

@LeandroLemos1 Ай бұрын

Amazing video! thanks by the help !

@nixxblikka 11 ай бұрын

This is a game changer - excellent video

@ilyafalaleev6196 11 ай бұрын

Perfect, just in time, that's really so easy, thanks for the complete tutorial it was helpful.

@MatiMape 3 ай бұрын

Epic tutorial. Worked like a charm in a Raspberry Pi 4.

@Knufle 6 ай бұрын

Btw, great video! Thanks for explaining everything in such a concise and easy to understand manner. Just a heads up, apparently this method doesn't fully work on Chrome if you have Safe Browsing Standard or Enhanced protection enabled, for me I get the "Deceptive site ahead" warning for some of my local apps, like Jellyfin for example, but I don't get the warning for other apps like Code Server, so idk, just wanted to let you know. On Firefox I don't get warnings no matter what though, so that works just fine.

@Glatze603 8 ай бұрын

Hi Wolfgang, good content! A video about this topic and authelia would be awesome.

@thomasmiller4625 10 ай бұрын

"Don't worry about it! Not every bad thing in life is your fault." Thanks man I needed that.

@clairerovic 11 ай бұрын

Luv this... Thanks heaps 🥂

@RamiKattan 5 ай бұрын

Greatest tip ever, worked on the second try

@MaksOuw 11 ай бұрын

I did not known Nginx Proxy Manager, I'll give it a try tonight to remove my Nginx and custom configurations (so I'll have to dockerize every app I use + maybe it's time to use Ansible to avoid making everything by hand haha). Thanks for the tutorial !

@yerunski 11 ай бұрын

I'm only 1 min. 20 secs in the video and already hit the like button. I'm sure this will be better then my self signed certificates :)

@prashkd7684 9 ай бұрын

Thank you for creating this video. If possible, can you create another video showing explaining the theory behind the interaction between client browser, the duckdns server and the NAS ?

@paulw3182 8 ай бұрын

This is a great idea!

@ankkitraj2625 Күн бұрын

I have been following this channel for years and did not realized I am not subscribed.

@matuopm 5 ай бұрын

I have been looking for this for a long time :D

@idoiteveryday 11 ай бұрын

Useful video. Thank you.

@tonysgonewild 6 ай бұрын

Clever idea, excellent video.

@mr.mentat.0x 9 ай бұрын

Dude... this intro speaks directly to my soul. Completely spot-on how it feels. The Blade Runner segment is perfect. Going to do this on my home lab, that's turned into something I'd see in the field, at work. Too funny man 😂😂 *joined* 😂😂❤

@kanine9598 7 ай бұрын

Works great on an Ubuntu VM instance running under proxmox. But I also like to torture myself trying to get these solutions to run under W11 > WSL2 > Docker > NPM, no luck so far no doubt some firewall issue. Thanks for the tutorial short and to the point.

@turbo2ltr 3 ай бұрын

Great video! I've been wanting to get the mess of homelab services I have running all willy nilly standardized like this. Currently using CF tunnels, but I like self hosted much better.

@EconaelGaming 3 ай бұрын

Danke Wolfgang! I find it absurd that we need to jump through these hoops, just to have valid SSL in our home networks, but you made those hoops much easier to jump through :)

@JavierPortillo1 11 ай бұрын

Thank you so much!!!

@wukerplank 11 ай бұрын

Learned something new, I wasn't aware that Letsencrypt can do wildcard certificates by now 🙌

@MarceloAugusto-fb1lx 2 ай бұрын

loved the video! such a great tutorial! just on question... if it's an "easy way" of doing it so, why not use a docker manager GUI like CasaOS, by example?

@dannysung3397 3 ай бұрын

Pretty awesome and relatively easy to setup! One issue I noticed is that Safari password autofill treats everything under the proxy as the same site... meaning it will suggest passwords for services with different hostnames. This can get a bit unwieldy if you have a lot of services with their own username/passwords.