Self hosted services with SSL cert - eviltoast

So, I have a few services (Jellyfin, Home Assistant, etc) that I am running, and have been acessing via their IP’s and port numbers.

Recently, I started using NGINX so that I could setup entries in my Pi Hole, and access my services via some made up hostname (jellyfin.home, homeassistant.home, etc).

This is working great, but I also own a few domains, and thought of adding an SSL cert to them as well, which I have seen several tutorials on and it seems straight forward.

My questions:

  • Will there be any issues running SSL certs if all of my internal service are inward facing, with no WAN access? My understanding is that when I try to go to jellyfin.mydomainname.com, it will do the DNS lookup, which will point to a local address for NGINX on my network, which the requesting device will then point to and get the IP of the actual server.

  • Are there risks of anything being exposed externally if I use an actual CA for my cert? My main goal is to keep my home setup off of the internet.

  • Aurailious@beehaw.org
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    If you use Let’s Encrypt, or any public CA, all of your domains and certificates will be public. You can use a wildcard to avoid revealing subdomains. There is a website that you can use to search what is available, but I don’t remember what it is.

    I suspect there aren’t any serious risks to having that information revealed. The only real reason would be privacy against which services you are using on that domain.

    • phi@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      yeah true but if the DNS records aren’t actually pointing anywhere then there’s no real threat no? because everything stays in the internal network