Hey everyone,

Just a quick question: Let’s Encrypt, what is it and how can I take advantage of its services?

For a bit of background, I’m trying to set up Kanidm and a CA certificate is needed; I was told to use Let’s Encrypt to create it.

Just looking for knowledge.

Thanks!

  • vector_zero@lemmy.world
    1 year ago

    I’m going to cast another vote for a reverse proxy, such as NginxProxyManager. It’s really easy to set everything up, and they’re usually very easy to run in Docker/Podman.

    One thing to note: if you end up with a domain with mandatory HSTS, you’ll have to use DNS-based certificate generation rather than HTTP-based, since unencrypted HTTP is blocked (chicken/egg problem to get HTTPS working). It’s not hard, but you have to be aware of that limitation.

    • pete_the_cat@lemmy.world
      1 year ago

      As someone that used Nginx for close to a decade, Caddy is about 10x simpler with the same features. It takes a bit to wrap your head around if you’re used to coming from an “old-school” webserver and proxy like Apache or Nginx though. One of the greatest things about Caddy is that it does SSL by default, so there’s no need to have stanzas in each section saying “listen on 80 and 443, but if you get a connection on 80 redirect it to 443” and another one saying “enable SSL for this (sub)domain”. Creating a reverse proxy in Caddy literally takes three lines and consists of:

          FQDN {
              reverse_proxy internal-endpoint-name:portNumber
          }

      • vector_zero@lemmy.world
        1 year ago

        I’m actually almost completely unfamiliar with Nginx, short of a few hours of tinkering. NginxProxyManager is a direct competitor to Caddy, with a graphical interface, SSL cert creation and auto-renew, etc. I’m not going to say to switch from Caddy, since there’s probably no major benefit, but it’s much nicer than trying to figure out Nginx reverse proxies by hand.