
246 points nh2 | 2 comments
ndsipa_pomu No.41912342
I prefer to assign an external name to an internal device and grab a free SSL cert from Let's Encrypt, but using the DNS challenge instead, as internal IP addresses aren't reachable by their servers.
1. thatcherc No.41917079
This sounds like something I'd want to do! Is the idea that you'd have a public domain name like "internal.thatcherc.com" resolve to an internal IP address like 10.0.10.5? I've wondered about setting this up for some local services I have but I wasn't sure if it was a commonly-done thing.
2. AdamJacobMuller No.41917173
I've been doing this for a year or two with k3s + cert-manager.

Works great.

In my case everything points to a tailscale operator endpoint, which goes to nginx ingress, which routes to the appropriate pods.

It's very much a set-and-forget solution.
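
The approach discussed in this thread, sketched as cert-manager resources that obtain a Let's Encrypt certificate for an internal-only hostname through the DNS-01 challenge. This is an added example, not any commenter's configuration; the Cloudflare DNS provider, the secret and resource names, the e-mail address and the hostname `internal.example.com` are assumptions.

```yaml
# Added example. Provider, names, e-mail and hostname are assumptions,
# not taken from the thread.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key   # ACME account key is stored here
    solvers:
      # DNS-01: the CA validates a TXT record in the public zone, so the
      # host behind the name never has to be reachable from the internet.
      - dns01:
          cloudflare:
            apiTokenSecretRef:
              name: cloudflare-api-token    # Secret in the cert-manager namespace
              key: api-token
        selector:
          dnsZones:
            - example.com
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: internal-example-com
  namespace: default
spec:
  secretName: internal-example-com-tls      # TLS secret consumed by the ingress
  issuerRef:
    name: letsencrypt-dns01
    kind: ClusterIssuer
  dnsNames:
    - internal.example.com                  # public A record points at a private IP
```

Scope the DNS API token to record edits on the one zone only, since anyone holding it can obtain certificates for every name in that zone. Issued certificates are published to Certificate Transparency logs, so the internal hostname itself becomes publicly visible.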