I tried, and failed, to make a working setup with Tailscale-provided certs and NPM. What's bugging me a bit is that nobody seems to have tried anything that just works automatically, and people seem to be relying on manually updating things.
What I was trying was to get Tailscale to manage and update certs inside NPM with no external interference by me.
Unfortunately, there seems to be no way of setting paths for certs in NPM webadmin, you can only upload them.
Here’s what I’ve tried:
I set up Tailscale with host path /mnt/data_pool/apps/tailscale. I then set up NPM with host paths set up for /mnt/data_pool/apps/npm and /mnt/data_pool/apps/tailscale/state/certs for the certs path. I got a valid cert from the Tailscale console and it worked when tested in the TrueNAS webadmin, but it was nowhere visible in NPM.
So I tried to upload those very certs just to see what NPM would do internally. I copied the certs via console-dump and ended up with valid crt and key files, which I uploaded and which were happily accepted by NPM. Then I saw it created a folder npm-1 inside custom_ssl with a privkey.pem and a fullchain.pem, if I remember the names correctly.
I thus proceeded to symlink the original ada.alpha-centauri.ts.net.crt and ada.alpha-centauri.ts.net.key to privkey.pem and a fullchain.pem, and NPM seemed to accept them happily as long as I linked using the Docker container's internal paths.
I didn't manage to make anything but the TrueNAS webadmin work, though, due to other problems, so I'm still unsure of the efficacy of this weird thing.
I took some steps back and completely removed NPM and SSL from the picture for the time being to sort out where the problem really is (Nextcloud not working with a domain it should), but I'm wondering why I can't find people trying to use Tailscale-managed certs in NPM.
I want to have something like this:
https://ada.alpha-centauri.ts.net pointing to TrueNAS webadmin,
https://ada.alpha-centauri.ts.net/nectcloud pointing to NextCloud webadmin,
https://ada.alpha-centauri.ts.net/nginx pointing to NPM, and so on.
Has anyone else succeeded with this?
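
An added example, not part of the original post: a shell function that copies the Tailscale cert and key into the folder NPM created for the uploaded certificate, only when their content changes, so a scheduled job knows when NPM needs a reload after a renewal. It copies instead of symlinking so it does not depend on container-internal paths. The .crt to fullchain.pem and .key to privkey.pem mapping and the function names are assumptions, and all paths are passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumed mapping: <host>.crt -> fullchain.pem, <host>.key -> privkey.pem.

# sync_one SRC DST MODE
# Replace DST with SRC if the content differs.
# Returns 0 = replaced, 1 = already up to date, 2 = error.
sync_one() {
    s=$1; d=$2; m=$3
    if [ -f "$d" ] && cmp -s "$s" "$d"; then
        return 1
    fi
    tmp="$d.tmp.$$"
    # Write the copy with its final mode first, then rename over the target,
    # so the key is never group/world-readable and never half-written.
    if install -m "$m" "$s" "$tmp" && mv -f "$tmp" "$d"; then
        return 0
    fi
    rm -f "$tmp"
    return 2
}

# sync_ts_cert CERT_DIR HOST NPM_CERT_DIR
# Returns 0 = something changed (reload NPM), 1 = nothing to do, 2 = error.
sync_ts_cert() {
    cert_dir=$1; host=$2; npm_dir=$3; changed=1
    # Refuse to touch anything unless both halves of the pair are present.
    for f in "$cert_dir/$host.crt" "$cert_dir/$host.key"; do
        [ -r "$f" ] || { echo "missing: $f" >&2; return 2; }
    done
    [ -d "$npm_dir" ] || { echo "no such directory: $npm_dir" >&2; return 2; }
    for spec in "key:privkey.pem:600" "crt:fullchain.pem:644"; do
        ext=${spec%%:*}; rest=${spec#*:}
        rc=0
        sync_one "$cert_dir/$host.$ext" "$npm_dir/${rest%%:*}" "${rest#*:}" || rc=$?
        case $rc in
            0) changed=0 ;;
            1) ;;
            *) return 2 ;;
        esac
    done
    return "$changed"
}

# Stand-alone use: sync.sh CERT_DIR HOST NPM_CERT_DIR
if [ "$#" -eq 3 ]; then
    sync_ts_cert "$@"
    exit $?
fi
```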