(github.com)

246 points nh2 | 1 comments | 18 Oct 24 06:10 UTC | HN request time: 0s | source

Show context

ndsipa_pomu ◴[22 Oct 24 08:36 UTC] No.41912342[source]▶

I prefer to assign an external name to an internal device and grab a free SSL cert from LetsEncrypt, but using DNS challenge instead as internal IP addresses aren't reachable by their servers.

replies(9): >>41912368 #>>41912827 #>>41913126 #>>41913387 #>>41913720 #>>41913826 #>>41916306 #>>41917079 #>>41917804 #

DandyDev ◴[22 Oct 24 08:42 UTC] No.41912368[source]▶

>>41912342 #

I do this as well, but be aware that these external names you're using for internal devices become a matter of public record this way. If that's okay for you (it is for me), then this is a good solution. The advantage is also that you run no risk of name clashes because you actually own the domain

replies(7): >>41912424 #>>41912505 #>>41912544 #>>41912570 #>>41912671 #>>41912732 #>>41919325 #

ndsipa_pomu ◴[22 Oct 24 09:15 UTC] No.41912544[source]▶

>>41912368 #

> be aware that these external names you're using for internal devices become a matter of public record this way

Yes, I sometimes think about that, but have come to the conclusion that it's not likely to make any difference. If someone is trying to infiltrate my home network, then it's not going to really help them to know internal IP addresses as by the time they get to use them, they're already in.

replies(3): >>41912767 #>>41912874 #>>41922694 #

1. GoblinSlayer ◴[23 Oct 24 07:29 UTC] No.41922694[source]▶

>>41912544 #

If your services work through http(s), they can be accessed from your browser.

↑

Just want simple TLS for your .internal network?