Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

LAN Only Reverse Proxy / SSL certs?

Featured Replies

Hi all -- new to Unraid, but coming from Ubuntu.  I'd like to be able to resolve https requests from anywhere on my local LAN.  I do not mind if it requires that I edit HOSTS files on the relevant PCs.  I am currently self- hosting: Vaultwarden, Audio Book Shelf, Paperless-NGX, Photo Prism, Syncthing and Portainer.  On the current hosting solution (Ubuntu 20.04, local CA and certs for each subdomain: vaultwarden.home-pc (no TLD, etc.)  Right now it all works, albeit it is a bit fragile, but it works.  It's running on Nginx, fwiw. And I am not sure how to remake the .crt file I am currently using as part of that local CA.  So I figure, start over if I can, do it right and hope there are folks out there that have done this. :) 

 

I was hoping to self-host on the UNRAID box at this point and they do have all the docker images I'd require.  I am curious though, is there a how-to on getting to the same result as I currently have?  I.e. I enter https://vaultwarden.home-pc and get a valid SSL check against installed certs?  I've been reading up on DNS challenges and was hoping someone here has solved this to give me a bit of a headstart.  I have NO INTENTION of ever exposing the Unraid server to the outside world but would like, when on LAN to resolve to: <subdomain>.home-pc (or some equivalent).  I am happy to buy a domain if it will make this easier, but again, want 0 traffic from the outside world knowing about my UNRAID install (if I can).

  • Community Expert

This will be hard to do.

Not, because it cannot be done, but it is quite useless.

 

The problem is that for a "valid certificate" you need an authority to sign it and is trusted by every machine in the LAN. As I said, you CAN do it, but you need to set up this CA (certification authority) and have to manually copy its certificate to every single device (which may be hard on some "closed" boxes like routers or so). Also, you will have to live with a bunch of permanent warnings (for instance from Android Phones that hate "foreign" certificates). And also, some devices may refuse to work completely.

So, it will be a long and hard fight.

 

Even with a legal domain it won't work without external traffic. The CA for the domain are "outside" and every box need to check for validity.

 

The main question is: WHY DO YOU WANT THIS? If you only have internal connections, there is no need to encrypt the traffic unless you have to hide something from you wife or so :-)))

 

  • Author
Quote

 

The main question is: WHY DO YOU WANT THIS? If you only have internal connections, there is no need to encrypt the traffic unless you have to hide something from you wife or so :-)))


 

My life is not nearly that exciting.  Mostly that it is habit to go to <service>.<domain> and if I can maintain that, I will.  My other option, I suppose, is to keep it all hosted on the smaller linux box now that it is not pulling double duty as a quasi-NAS.  Bitwarden, for instance, doesn't work on http:// (although is likely a setting I can toggle somewhere in the docker-setting/config).

 

Quote

The problem is that for a "valid certificate" you need an authority to sign it and is trusted by every machine in the LAN. As I said, you CAN do it, but you need to set up this CA (certification authority) and have to manually copy its certificate to every single device (which may be hard on some "closed" boxes like routers or so).

Yeah -- this is how it works now.  I installed a cert on the 3-4 boxes in the house that navigate there. To your point, it doesn't work on my Android phones and, for the love of all things that I cannot possibly understand, my Ubiquiti Dream Machine Pro lacks the ability to let me manage host redirects on the router.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.