I am struggling to understand how to get SSL working on my local network for additional servers. I have a domain through HostGator with remote SSL connections working for NethServer and its built-in apps like Nextcloud.
I have several Proxmox VMs like Home Assistant and Jellyfin for which I’m trying to get rid of the “site not secure” warning. Before starting on this quest I was able to ping them, such as ping Jellyfin.mydomain.com on my local network, and it was returning the proper IP address of my Jellyfin server.
My understanding from reading the documentation is that I could use either a reverse proxy or virtual host. I’ve tried both without success trying to set them up using the GUI interface. After testing failed I deleted the reverse proxy and the virtual hosts I created but now when I ping jellyfin.mydomain.com I get the address of my nethserver. These settings survive a reboot and my internal dns is no longer working properly.
I deleted the dns entry for jellyfin.mydomain.com in nethserver and did a “sudo systemd-resolve --flush-caches” on my Ubuntu machine I’m using to test but pinging jellyfin.mydomain.com still returns my nethserver IP.
This is slowly driving me insane.
Should I use a reverse proxy, virtual host, or both?
When I ping jellyfin.mydomain.com what IP should I see?
When it’s working should I enter jellyfin.mydomain.com or nethserver.mydomain.com/jellyfin in a web browser?
Where does the port for jellyfin go in nethserver?
You need to set the LE cert as default in NS7 Cockpit.
Log out from Cockpit. Wait 5 minutes, then try the Jellyfin URL again. It should work without issues.
I have a NethServer-7.9.2009 as my main server connected directly to the internet.
It redirects all requests for LAN domains (VM or not) to the appropriate LOCAL server.
On NethServer-7.9.2009, create a DNS host name for Jellyfin.mydomain.com pointing to the LOCAL IP.
If your registrar is too slow, try to transfer, free of charge, your domain to Cloudflare.com (you just have to change the nameservers at the original registrar to the ones used by Cloudflare) and configure the workstation NIC to use 1.1.1.1 as DNS name server.
Whenever you change a DNS record, you won’t have to wait for the DNS propagation.
“Require SSL encrypted connection” makes no difference. Putting http: or https: in the destination url makes no difference.
I have “Accept invalid SSL certificate from target” checked. To me this would mean that the connection between my browser and NethServer is encrypted but the forward between my NethServer and Jellyfin server is not, which is fine, they are both on my local network.
Not sure what “Forward HTTP Host header to target” does.
I’ve tried every combination of settings there is in the NethServer reverse proxy and they all end up with cert errors on any server that is not NethServer itself.
Is there a way to use NethServer’s Let’s Encrypt cert on other servers without copying it?
Since it is NethServer establishing the encrypted communication, it uses its certificate since the reverse proxy tells any request to Jellyfin.mydomain.com to use the default cert.
Request a Let’s Encrypt certificate from NethServer’s Cockpit for Jellyfin.mydomain.com
then tell Jellyfin.mydomain.com on the reverse proxy to use this new certificate.
Unfortunately, this is what I have already done and it still doesn’t work.
I should be using a dns-01 challenge anyway which apparently Nethserver can’t do so I’ve started looking for other solutions.
[… I deleted the reverse proxy and the virtual hosts I created but now when I ping jellyfin.mydomain.com I get the address of my nethserver. …]
I think you should check if it is present, and remove it, jellyfin.mydomain.com under system->dashboard → hostname/alias.
because when you set up a new LE cert for, NethServer automatically creates a new alias with that FQDN. (hope it’s true I’m relying on my memory)
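The two checks this thread keeps returning to (which IP the name resolves to, and whether the certificate the reverse proxy serves actually lists that name) can be scripted. This is an added example, not part of any post above; it assumes the reverse proxy listens on port 443 and uses the thread's placeholder hostname as its default argument.

```python
import socket
import ssl
import sys


def name_matches(pattern, host):
    """Match a certificate name against a hostname; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def covering_names(host, sans):
    """Return the SAN entries that make a certificate valid for host (empty list = browser warning)."""
    return [s for s in sans if name_matches(s, host)]


def served_sans(host, port=443, timeout=5.0):
    """Resolve host, connect with SNI set to host, return (ip, DNS SANs of the served cert)."""
    ip = socket.gethostbyname(host)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # keep chain validation, do the name check ourselves
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return ip, [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


if __name__ == "__main__":
    # Default hostname is the thread's placeholder; pass the real one as argv[1].
    host = sys.argv[1] if len(sys.argv) > 1 else "jellyfin.mydomain.com"
    try:
        ip, sans = served_sans(host)
    except ssl.SSLCertVerificationError as exc:
        sys.exit(f"{host}: certificate chain not trusted ({exc.verify_message})")
    except OSError as exc:
        sys.exit(f"{host}: cannot resolve or connect ({exc})")
    ok = covering_names(host, sans)
    print(f"{host} resolves to {ip}; served certificate names: {sans}")
    print("name covered by:" if ok else "NAME MISMATCH, browser will warn", ok or "")
```

Run it from the LAN client: the printed IP shows which machine the local DNS is sending the browser to, and an empty match list means the served certificate was not issued for the requested name.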