I want my self hosted things to use https. For example, I have Jellyfin installed via docker, and I want it to use https instead of http.

I don’t care about necessarily doing this the “right” way, as I won’t be making Jellyfin or any other service public, and will only be using it on my local network.

What is the easiest way to do this? Assume everything I host is in docker. Also a link to a tutorial would be great.

Thanks!

  • Findmysec@infosec.pub
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    5 months ago

    Running a CA is cool however, just be aware of the risks involved with running your own CA.

    All they say that if the private key is stolen then you’re screwed. Think about it, if an attacker can:

    1. Get into your network.
    2. Presumably bypass key-based ssh/container runtime protections
    3. Access pod/VM which is running the CA
    4. Bypass default MAC settings (Apparmor on debian, SELinux on RHEL)
    5. Steal private key without you knowing from your logs

    You have a much bigger problem my friend

    • TCB13@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      4 months ago

      While I agree with you, an attacker may not need to go to such lengths in order to get the PK. The admin might misplace it or have a backup somewhere in plain text. People aren’t also prone to look to logs and it might be too late when they actually noticed that the CA was compromised.

      Managing an entire CA safely and deploying certificates > complex; Getting let’s encrypt certificates using DNS challenges > easy;