HTTPS and local hosting

Trying to make it clear for myself…

  1. My NAS is not exposed to the internet. Only the local network. I currently simply access it by IP address.
  2. I want it to run “good” with no browser warnings, etc. That means HTTPS, trusted certificate.
  3. I cannot use Let’s Encrypt or anything similar since it’s my “nas.hme” domain, which I set up in the router’s DNS.
  4. I will need to create self-signed SSL and add it to the machines that are going to be using it to avoid browser warnings.

Does all this sum it up? Or is there an easier way to run the TrueNAS UI locally with no drama?

Pretty much.

You could also set up your own CA and add the trusted root cert to all systems instead of the self-signed, but I do not recommend that.

I just opted to buy a cheap domain, use Let’s Encrypt, and access my services like “nas.mydomain.com”.

I do have a domain I can use. But how will it work in my local network? Will I point the domain to “192.168…”?? Will that work if I just set it to a local IP address? That would eliminate issues of trusting certs, but will that mean it will work for me locally, or perhaps for other people too, locally, if the IP is the same?

Look into something like nginx proxy manager.

For my registrar, I only have DNS records for www.domain.com/domain.com with a cloudflare tunnel.

For my ‘private’ services that I don’t want public (plex.domain.com, nas.domain.com, etc), I don’t publish DNS records for those with the registrar. Instead I have them set up in NPM with letsencrypt certs, and local DNS that my router points to.

Just add an override in your router to point nas.yourdomain.com to the NAS and set up Let’s Encrypt with a DNS-01 challenge.

Does this sum it up? Setting Up Let's Encrypt Certificates | TrueNAS Documentation Hub

I don’t have Cloudflare or Amazon accounts. Domain hosted at register.com. All videos/FAQs I found point to Cloudflare. Is that mandatory, and will a free account suffice?

Cloudflare is not mandatory, but it’s very helpful, as its API is widely supported. Yes, its free tier is plenty for these purposes.

Free account is fine. Cloudflare is popular and free and good and also the first supported option in alphabetical order.

Using Cloudflare as your nameservers with your existing domain will work fine.

My advice for just about every tinkerer and homelabber.

Spend ten bucks on a real domain name, then use a free Cloudflare account to manage dns for the domain. It makes life so, so easy with ssl, npm, letsencrypt, acme, all that stuff. I use one of my public domains as my lan domain.

Already did. I had a public domain, just didn’t think about how to use it “inside”. Now it makes sense. All actually works, and I don’t mind Cloudflare being the controller; like I said, the domain is paid for but wasn’t used for anything.
Still don’t understand what Cloudflare actually does :) But SSL works. When it auto-renews I will officially declare it “magic”.

It confirms to letsencrypt that you do in fact have ownership/control over the domain so that they can issue and sign the certificate to certify it.

Yes, Cloudflare gives you an API key you can plug in so you get real, valid-for-everyone SSL certs. It just has to control DNS for your domain. It does not manage my LAN hosts, I do that, but I use my API key to perform DNS validation like magic.
