8·
7 days agoCan you search your rolodex for “caddy tls configuration” for me?
clif
Just a geek, finding my way in the fediverse.
- 0 Posts
- 6 Comments
Joined 3 years ago
Cake day: June 11th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
You’re right, that was quite a hassle : )
Glad you got it sorted.
I want to preface this with the fact that I am definitely NOT a networking expert so… don’t trust anything I say.
My situation is a bit different because I am using Tailscale, though I have it on the list to be replaced in the future.
When you Wireguard to your LAN, do subsequent DNS requests go through the VPN? Sounds like you’re looking into that route based on your third point above. If so, can you just add a static DNS resolution to your LAN router that points to your Caddy SSL terminator/reverse proxy? This assumes a static IP for your host.
That’s what I’ve done. On my router I’ve set a static DNS entry of
silverbullet.mydomain.com -> 10.0.0.101(where*.101is the static IP of my internal host/Caddy). This allows everything to resolve correctly when I’m physically attached to my LAN but also when connecting remotely via Tailscale.It may not be elegant, but it avoids the hassle / extra config of a local DNS server as well as the need to manage host routes on each device.
EDIT: My router is running OpenWRT but I think most consumer grade routers support static DNS routes… but I could be wrong.
I’ve been doing the SSL with Caddy and Let’s Encrypt via CertBot. Extra work but not too bad once you figure it out (and take notes since I forget by the time the renewal comes around :)
I still need to find time to set up auto renewal… One day
I’ll stick with FOSS instead… Silverbullet.md in this use case.
Thanks fri… wait, you’re not who I replied to. Do you have your own rolodex of websites?