Hi
This morning, I wrote to another guy here in the forum (As a PM, not visible for everyone…):
If the NethServer is already entered in the official DNS, you do not need to change anything there…
Do you use a correct DNS domain (fqdn) for your NethServer?
If yes, that’s all you need!
Open Ports 80, 443 to the NethServer and enable the LetsEncrypt cert!
This will work for the NethServer itself.
If you need to use the LE cert on “other” internal servers, that’s also quite possible…
Here is an example from my home:
I have an OPNsense box as firewall, not my NethServer.
OPNsense forwards ports 80 & 443 to my NethServer, which handles SSL for all internal stuff as well.
My PI-Hole is running as a LXC Container on my Proxmox, using the internal IP 172.25.75.29, my NethServer uses the IP 172.25.75.20.
This is what's needed:
A DNS alias in NethServer for that “external” host.
Here, I use pi-hole.r7.anwi.ch.
The real fqdn of my PI-Hole is awr7-pi-hole.r7.anwi.ch, I use this e.g. to update my pi-hole with ssh…
I also have the external DNS point pi-hole.r7.anwi.ch to the external IP of my OPNsense.
Then lastly, a LetsEncrypt request including the PI-Hole.
And this is the reverse proxy entry in NethServer:
If you want to see this for yourself, be my guest:
At home, I have a dynamic IP. I have a paid account at dyndns.org, now part of Oracle.
I point the dns name gw.r7.anwi.ch to my DynDNS name.
All the rest are actually cnames pointing to gw.r7.anwi.ch…
Hope this helps understandability!
My 2 cents
Andy
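A pre-flight check for the setup described in the post above, as an added example that is not part of the original post: before requesting the LetsEncrypt cert, confirm that every name on it follows the external CNAME chain to the gateway and that the internal alias lands on the reverse proxy rather than on the backend. The public IP 203.0.113.10 and the name home.dyndns.example are placeholders, the alias resolving to 172.25.75.20 is an assumption, and the function names are made up for this example.

```python
import ipaddress

# Constructed sample records. Host names and internal IPs come from the post;
# the public IP and the DynDNS name are placeholders, the post does not give them.
EXTERNAL = {
    "gw.r7.anwi.ch": ("CNAME", "home.dyndns.example"),
    "home.dyndns.example": ("A", "203.0.113.10"),
    "pi-hole.r7.anwi.ch": ("CNAME", "gw.r7.anwi.ch"),
}
INTERNAL = {
    "pi-hole.r7.anwi.ch": ("A", "172.25.75.20"),       # alias -> NethServer (assumed)
    "awr7-pi-hole.r7.anwi.ch": ("A", "172.25.75.29"),  # real host, not on the cert
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(zone, name, max_hops=8):
    """Follow CNAMEs in a {name: (type, value)} map; return the final IP or None."""
    for _ in range(max_hops):
        rtype, value = zone.get(name.lower().rstrip("."), (None, None))
        if rtype == "A":
            return value
        if rtype != "CNAME":
            return None
        name = value
    return None  # CNAME loop or chain too long

def preflight(cert_names, external, internal, gateway_name, proxy_ip):
    """Return {name: [problems]} for each name requested on the certificate."""
    gw_ip = resolve(external, gateway_name)
    report = {}
    for name in cert_names:
        problems = []
        ext, inn = resolve(external, name), resolve(internal, name)
        if ext is None:
            problems.append("no external record, validation cannot reach it")
        elif any(ipaddress.ip_address(ext) in net for net in RFC1918):
            problems.append(f"external record is a private address ({ext})")
        elif ext != gw_ip:
            problems.append(f"external record {ext} is not the gateway ({gw_ip})")
        if inn is not None and inn != proxy_ip:
            problems.append(f"internal record {inn} bypasses the reverse proxy")
        report[name] = problems
    return report

if __name__ == "__main__":
    names = ["pi-hole.r7.anwi.ch", "awr7-pi-hole.r7.anwi.ch"]
    for name, problems in preflight(names, EXTERNAL, INTERNAL, "gw.r7.anwi.ch", "172.25.75.20").items():
        print(name, "OK" if not problems else problems)
```

To run it against live data, fill the two maps from the records your external DNS provider and the NethServer DNS page actually hold.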


