• dudeami0@lemmy.dudeami.win
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Hard to believe you used to have to pay for a TLS certificate. I use Let’s Encrypt with cert-manager on my kubernetes cluster and it still amazes me how SSL just happens. Even just using certbot makes the job extremely simple.

      • ActuallyRuben@actuallyruben.nl
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        There even are still some (shitty) webhosts that require payment for a TLS certificate, because they refuse to support letsencrypt.

      • sudneo@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        For cert-manager to work you need to have the ingress controller port (or I guess another port) exposed publicly? Or it supports DNS verification? I thought about doing this, but I am essentially having my cluster fully in a private network which I connect with wireguard from outside, but maybe I should reconsider?

        I am keen to know a little bit more about your setup

  • vividspecter@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    As a side note, how do people handle HTTPS with private networks (VPN or local) these days? I typically just stick to HTTP, but it would be nice to get rid of the warnings/lock (and I use HTTPS-only mode and firefox seems to require a fresh exception for every port).

    • the_thunder_god@kbin.social
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Doing what the OP (same result, just different software) or I posted and assigning certificates to secure your local services means you can avoid the HTTPS warning that major browsers will pop up on an unsecure (HTTP) connection. Instead of going to an internal dns name without a certificate or direct to the ip…you assign a wildcard certificate to a domain name you’ve setup on your local dns. You then access that service via the HTTPS protected Domain name, with no warning.

  • wheels@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Have thought of doing this before. I only read halfway through but enough to confirm what I expected - too much work!

    • kamin@lemmy.kghorvath.com
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I can’t open the link right now cause it seems to have gotten the hug of death, but if they didn’t mention it check out Caddy. It handles the certificates all automatically. All you have to do is set up the DNS record and then point Caddy at your internal service and it handles the rest.