How to setup SSL on an Internal IP address
The big down sides to this approach is:
1. Your DNSd must have some programmatic API support
2. If your API key is leaked, then an attacker could control your DNS Zone. Oops. It's probably best to create an API key for *.int.example.com to limit the blast radius.
https://twitter.com/mholt6/status/1376190909646217216
3. https://tools.ietf.org/id/draft-ietf-dnsop-dontpublish-unreachable-01.txt
Here are the Caddy httpd DNS providers:
https://github.com/caddy-dns/
These are the DNS providers LetsEncrypt supports (that Caddy might not)
https://go-acme.github.io/lego/dns/
How I built Caddy with Cloudflare DNS support:
xcaddy build --with github.com/caddy-dns/cloudflare
My Caddyfile (configuration) looked like:
intyt.dabase.com {
tls {
dns cloudflare SECRET
}
}
Don't mess up the config like I did initially 🤣 https://github.com/caddy-dns/cloudflare/issues/22#issuecomment-808051807
If you know of a better way of making SSL work for internal machines ... do let me know.
This all kicked off from this tweet: https://twitter.com/kaihendry/status/1361974247141171203
Use DNS validation on AWS! https://dabase.com/blog/2020/Amazon-Certificate-Manager-Pro-Tip/
Видео How to setup SSL on an Internal IP address канала Kai Hendry
1. Your DNSd must have some programmatic API support
2. If your API key is leaked, then an attacker could control your DNS Zone. Oops. It's probably best to create an API key for *.int.example.com to limit the blast radius.
https://twitter.com/mholt6/status/1376190909646217216
3. https://tools.ietf.org/id/draft-ietf-dnsop-dontpublish-unreachable-01.txt
Here are the Caddy httpd DNS providers:
https://github.com/caddy-dns/
These are the DNS providers LetsEncrypt supports (that Caddy might not)
https://go-acme.github.io/lego/dns/
How I built Caddy with Cloudflare DNS support:
xcaddy build --with github.com/caddy-dns/cloudflare
My Caddyfile (configuration) looked like:
intyt.dabase.com {
tls {
dns cloudflare SECRET
}
}
Don't mess up the config like I did initially 🤣 https://github.com/caddy-dns/cloudflare/issues/22#issuecomment-808051807
If you know of a better way of making SSL work for internal machines ... do let me know.
This all kicked off from this tweet: https://twitter.com/kaihendry/status/1361974247141171203
Use DNS validation on AWS! https://dabase.com/blog/2020/Amazon-Certificate-Manager-Pro-Tip/
Видео How to setup SSL on an Internal IP address канала Kai Hendry
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
How to create a valid self signed SSL Certificate?
How SSL certificate works?
TLS Certificates for Local Area Networks
Tracking your Dynamic ISP IP Address for use with your Home Server with Cloudflare DDNS & Duck DNS
How to generate a self-signed SSL certificate for an IP address on a Standalone machine
Automatic SSL using Caddy Server: Nodejs reverse proxy
How to DECRYPT HTTPS Traffic with Wireshark
Self-hosted Server accessible over Internet - EASY with Caddy 2!
Create an SSL Certificate Without Ports 80 and 443 (Certbot/LetsEncrypt)
Self Hosting on your Home Server - Cloudflare + Nginx Proxy Manager - Easy SSL Setup
How To Get Free SSL Certificate For Website | Add SSL To Website
STOP Paying for SSL! | How To Get SSL Certificate On Your Website for Free
Put Wildcard Certificates and SSL on EVERYTHING - Traefik Tutorial
Troubleshoot TLS Handshake Failures using Wireshark
AWS Load Balancer HTTPS Setup with Route 53 and Certificate Manager & HTTP Redirect to HTTPS
SSL Chain of Trust | How SSL Chain Works | Root Cert, Intermediate Certificate, Server Certificate
How to get HTTPS working in localhost (Self Signed localhost SSL Certificates)
How to Make Your Own VPN (And Why You Would Want to)
Trusted Self-signed SSL Certificate and local domains for testing